28 matches found
EUVD-2019-7633
Malware in sbrugna...
EUVD-2019-7634
Malware in sbrugna...
CVE-2019-17214
The WebARX plugin 1.3.0 for WordPress allows firewall bypass by appending &cc=1 to a URI...
CVE-2019-17213
The WebARX plugin 1.3.0 for WordPress has unauthenticated stored XSS via the URI or the X-Forwarded-For HTTP header...
WordPress Discount Rules for WooCommerce plugin <= 2.0.2 - Multiple (XSS, SQLi) Vulnerabilities
Multiple XSS and SQLi vulnerabilities found by WebARX Security in WordPress Discount Rules for WooCommerce plugin versions <= 2.0.2. Solution: Update the WordPress Discount Rules for WooCommerce plugin to the latest available version (at least 2.1.0)...
WordPress Official MailerLite Sign Up Forms plugin <= 1.4.3 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability found by Dave WebARX in WordPress Official MailerLite Sign Up Forms plugin versions <= 1.4.3. Solution: Update the WordPress Official MailerLite Sign Up Forms plugin to the latest available version (at least 1.4.4)...
WordPress wpCentral plugin <= 1.4.7 - Privilege escalation vulnerability
Privilege escalation vulnerability found by WebARX in WordPress wpCentral plugin versions <= 1.4.7. Solution: Update the WordPress wpCentral plugin to the latest available version (at least 1.4.8)...
WordPress Plugin Time Capsule 1.21.16 - Authentication Bypass
Exploit Title: Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass Date: 2020-01-16 Exploit Author: B. Canavate Vendor Homepage: https://wptimecapsule.com/ Software Link: https://wptimecapsule.com/ Version: Wordpress Time Capsule Plugin 1.21.16 Tested on: LAMP stack with most recent...
Critical WordPress Bug Leaves 320,000 Sites Open to Attack
Two WordPress plugins, InfiniteWP Client and WP Time Capsule, suffer from the same critical authorization bypass bug that allows adversaries to access a site’s backend with no password. All an attacker needs is the admin username for the WordPress plugins and they are in, according to researchers...
Critical Bug in WordPress Plugins Open Sites to Hacker Takeovers
UPDATE Security researchers are warning users of two WordPress plugins – made by Brainstorm Force – that they need to patch a “major” vulnerability that could allow hackers to gain administrative access to any website using the plugins. According to Brainstorm Force, it is only aware of one...
Authentication flaw
The WebARX plugin 1.3.0 for WordPress allows firewall bypass by appending &cc=1 to a URI...
Design/Logic Flaw
The WebARX plugin 1.3.0 for WordPress has unauthenticated stored XSS via the URI or the X-Forwarded-For HTTP header...
CVE-2019-17213
CVE-2019-17213 affects the WebARX plugin for WordPress (version 1.3.0). The connected records confirm an unauthenticated stored cross-site scripting (XSS) vulnerability that can be triggered via the URI or the X-Forwarded-For HTTP header. The root cause is an XSS flaw in how input in the request ...
CVE-2019-17214
The CVE-2019-17214 entry concerns the WebARX WordPress plugin, version 1.3.0. Affected component: the plugin’s firewall logic; root cause described as firewall bypass achievable by appending &cc=1 to a URI. Documented impact indicates that the firewall protection can be bypassed, enabling an unau...