12 matches found
EUVD-2015-2325
Malware in sbrugna...
CVE-2015-2199
Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow 1 remote authenticated users to execute arbitrary SQL commands via the itemid parameter in a wonderpluginaudiosaveitem action to wp-admin/admin-ajax.php or remote administrators to execut...
WordPress Plugin WonderPlugin Audio Player Cross-Site Scripting Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.WonderPlugin Audio Player is one of the audio player plugin. WordPress WonderPlugin Audio Player plugin 2.0 and...
CVE-2015-2218
Multiple cross-site scripting XSS vulnerabilities in the wpajaxsaveitem function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 itemname or 2 itemcustomcss parameter in a...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the wpajaxsaveitem function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 itemname or 2 itemcustomcss parameter in a...
CVE-2015-2218
Multiple cross-site scripting XSS vulnerabilities in the wpajaxsaveitem function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 itemname or 2 itemcustomcss parameter in a...
CVE-2015-2199
Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow 1 remote authenticated users to execute arbitrary SQL commands via the itemid parameter in a wonderpluginaudiosaveitem action to wp-admin/admin-ajax.php or remote administrators to execut...
Sql injection
Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow 1 remote authenticated users to execute arbitrary SQL commands via the itemid parameter in a wonderpluginaudiosaveitem action to wp-admin/admin-ajax.php or remote administrators to execut...
CVE-2015-2199
Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow 1 remote authenticated users to execute arbitrary SQL commands via the itemid parameter in a wonderpluginaudiosaveitem action to wp-admin/admin-ajax.php or remote administrators to execut...
CVE-2015-2199
The CVE-2015-2199 issue affects the WonderPlugin Audio Player WordPress plugin (before 2.1). Multiple SQL injection flaws allow remote unauthenticated/authenticated actors to execute arbitrary SQL commands via item[id] in wonderplugin_audio_save_item (AJAX at wp-admin/admin-ajax.php) or via itemi...
WordPress Plugin WonderPlugin Audio Player 2.0 - Blind SQL Injection Cross-Site Scripting
WordPress Plugin WonderPlugin Audio Player 2.0 - Blind SQL Injection Cross-Site Scripting Exploit Title: WonderPlugin Audio Player 2.0 Blind SQL Injection and XSS Date: 20-01-2015 Software Link: http://www.wonderplugin.com/wordpress-audio-player/ Exploit Author: Kacper Szurek Contact:...
WordPress Plugin WonderPlugin Audio Player 2.0 - Blind SQL Injection / Cross-Site Scripting
Exploit Title: WonderPlugin Audio Player 2.0 Blind SQL Injection and XSS Date: 20-01-2015 Software Link: http://www.wonderplugin.com/wordpress-audio-player/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps 1. Description...