EUVD-2015-2325

Malware in sbrugna...

CVE-2015-2199

Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow 1 remote authenticated users to execute arbitrary SQL commands via the itemid parameter in a wonderpluginaudiosaveitem action to wp-admin/admin-ajax.php or remote administrators to execut...

WordPress plugin Wonder Video Embed 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress Plugin WonderPlugin Audio Player Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.WonderPlugin Audio Player is one of the audio player plugin. WordPress WonderPlugin Audio Player plugin 2.0 and...

CVE-2015-2218

Multiple cross-site scripting XSS vulnerabilities in the wpajaxsaveitem function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 itemname or 2 itemcustomcss parameter in a...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the wpajaxsaveitem function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 itemname or 2 itemcustomcss parameter in a...

CVE-2015-2218

CVE-2015-2218 affects WonderPlugin Audio Player for WordPress (plugin versions before 2.1). The vulnerability is a set of cross-site scripting (XSS) flaws in the wp_ajax_save_item function and related admin paths, allowing remote attackers to inject arbitrary script or HTML via parameters: item[n...

CVE-2015-2218

Multiple cross-site scripting XSS vulnerabilities in the wpajaxsaveitem function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 itemname or 2 itemcustomcss parameter in a...

Multiple SQL Injection Vulnerabilities in WordPress Plugin WonderPlugin Audio Player

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. Multiple SQL injection vulnerabilities in the WordPress plugin WonderPlugin Audio Player allow remote authenticated users to...

CVE-2015-2199

Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow 1 remote authenticated users to execute arbitrary SQL commands via the itemid parameter in a wonderpluginaudiosaveitem action to wp-admin/admin-ajax.php or remote administrators to execut...

Sql injection

Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow 1 remote authenticated users to execute arbitrary SQL commands via the itemid parameter in a wonderpluginaudiosaveitem action to wp-admin/admin-ajax.php or remote administrators to execut...

CVE-2015-2199

Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow 1 remote authenticated users to execute arbitrary SQL commands via the itemid parameter in a wonderpluginaudiosaveitem action to wp-admin/admin-ajax.php or remote administrators to execut...

CVE-2015-2199

The CVE-2015-2199 issue affects the WonderPlugin Audio Player WordPress plugin (before 2.1). Multiple SQL injection flaws allow remote unauthenticated/authenticated actors to execute arbitrary SQL commands via item[id] in wonderplugin_audio_save_item (AJAX at wp-admin/admin-ajax.php) or via itemi...

WordPress Plugin WonderPlugin Audio Player 2.0 - Blind SQL Injection Cross-Site Scripting

WordPress Plugin WonderPlugin Audio Player 2.0 - Blind SQL Injection Cross-Site Scripting Exploit Title: WonderPlugin Audio Player 2.0 Blind SQL Injection and XSS Date: 20-01-2015 Software Link: http://www.wonderplugin.com/wordpress-audio-player/ Exploit Author: Kacper Szurek Contact:...

WordPress Plugin WonderPlugin Audio Player 2.0 - Blind SQL Injection / Cross-Site Scripting

Exploit Title: WonderPlugin Audio Player 2.0 Blind SQL Injection and XSS Date: 20-01-2015 Software Link: http://www.wonderplugin.com/wordpress-audio-player/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps 1. Description...