WordPress Spider Calendar <=1.4.9 - SQL Injection

WordPress Spider Calendar plugin through 1.4.9 is susceptible to SQL injection. An attacker can execute arbitrary SQL commands via the catid parameter in a spiderbigcalendarmonth action to wp-admin/admin-ajax.php, thus making it possible to obtain sensitive information, modify data, and/or execut...

EUVD-2017-4495

Malware in sbrugna...

EUVD-2013-3467

Malware in sbrugna...

EUVD-2014-6199

Malware in sbrugna...

EUVD-2014-8421

Malware in sbrugna...

EUVD-2018-2375

Malware in sbrugna...

CVE-2014-8584

Cross-site scripting XSS vulnerability in the Web Dorado Spider Video Player aka WordPress Video Player plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Web-Dorado ECommerce WD For Joomla! Search_category_id SQL Injection Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'uri' class MetasploitModule 'Web-Dorado ECommerce WD for Joomla! searchcategoryid SQL Injection Scanner', 'Description' = %q This module will scan for hosts...

WordPress Contact Form Maker 1.13.1 Cross Site Request Forgery Vulnerability

Exploit for php platform in category web applications Exploit Title: Contact Form by WD CSRF → LFI Exploit Author: Panagiotis Vagenas Vendor Homepage: http://web-dorado.com/ Software Link: https://wordpress.org/plugins/contact-form-maker Version: 1.13.1 Tested on: WordPress 5.1.1 Description...

WordPress Plugin Contact Form Maker 1.13.1 - Cross-Site Request Forgery

Exploit Title: Contact Form by WD CSRF → LFI Date: 2019-03-17 Exploit Author: Panagiotis Vagenas Vendor Homepage: http://web-dorado.com/ Software Link: https://wordpress.org/plugins/contact-form-maker Version: 1.13.1 Tested on: WordPress 5.1.1 Description ----------- Plugin implements the followi...

WordPress Plugin Contact Form Maker 1.13.1 - Cross-Site Request Forgery

WordPress Plugin Contact Form Maker 1.13.1 - Cross-Site Request Forgery Exploit Title: Contact Form by WD CSRF → LFI Date: 2019-03-17 Exploit Author: Panagiotis Vagenas Vendor Homepage: http://web-dorado.com/ Software Link: https://wordpress.org/plugins/contact-form-maker Version: 1.13.1 Tested o...

JVN#75738023: WordPress plugin "Event Calendar WD" vulnerable to cross-site scripting

The WordPress plugin "Event Calendar WD" provided by Web-Dorado contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged-in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the...

WordPress Web-Dorado Instagram Feed WD Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports setting up personal blog sites on servers with PHP and MySQL.Web-Dorado Instagram Feed WD plugin is a social media content sharing plugin used in ... A cross-site scripting...

WordPress Web-Dorado Instagram Feed WD plugin cross-site scripting vulnerability (CNVD-2018-08291)

WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports setting up personal blog sites on servers with PHP and MySQL.Web-Dorado Instagram Feed WD plugin is a social media content sharing plugin used in ... A cross-site scripting...

WordPress WD Instagram Feed Premium 1.3.0 Cross Site Scripting

WD Instagram Feed 1.3.0aaaXSS Vulnerabilities Two cross-site scripting vulnerabilities in the WD Instagram Feed WordPress plugin allow attackers to inject arbitrary web script or HTML by passing payloads through the bio of an Instagram profile or remotely via comments on an Instagram post...

CVE-2018-10300

Cross-site scripting XSS vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML by passing payloads in an Instagram profile's bio...

CVE-2018-10300

Cross-site scripting XSS vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML by passing payloads in an Instagram profile's bio...

Cross site scripting

Cross-site scripting XSS vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML by passing payloads in an Instagram profile's bio...

CVE-2018-10301

Cross-site scripting XSS vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 Premium for WordPress allows remote attackers to inject arbitrary web script or HTML by passing payloads in a comment on an Instagram post...

CVE-2018-10301

Cross-site scripting XSS vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 Premium for WordPress allows remote attackers to inject arbitrary web script or HTML by passing payloads in a comment on an Instagram post...