30 matches found
WordPress Database Backup for WordPress plugin <= 2.5.1 - Arbitrary Schedule Settings Update via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Schedule Settings Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by Daniel Ruf in WordPress Database Backup for WordPress plugin versions <= 2.5.1. Solution: Update the WordPress Database Backup for WordPress plugin to the latest available version (at least 2.5.2)...
CVE-2021-39333 Hashthemes Demo Importer <= 1.1.1 Improper Access Control Allowing Content Deletion
The Hashthemes Demo Importer Plugin <= 1.1.1 for WordPress contained several AJAX functions which relied on a nonce which was visible to all logged-in users for access control, allowing them to execute a function that truncated nearly all database tables and removed the contents of...
CVE-2020-11530
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to getscript/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user...
CVE-2020-7048
The WordPress plugin, WP Database Reset through 3.1, contains a flaw that allowed any unauthenticated user to reset any table in the database to the initial WordPress set-up state deleting all site content stored in that table, as demonstrated by a wp-admin/admin-post.php?db-reset-tables=comments...
VulnCheck KEV: CVE-2020-7047
The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability with a simple wp-admin/admin.php?db-reset-tables=users request to escalate their privileges to administrator while dropping all other users from the table...
Uber: Multiple Vulnerabilities (Including SQLi) in love.uber.com
Hi, I noticed you are using a critically vulnerable version of WPML. By accessing http://love.uber.com/wp-content/plugins/sitepress-multilingual-cms/changelog.md, an attacker could find out http://love.uber.com/ is running WPML version 3.1.8.4, which is vulnerable to: 1. SQL injection which gives ful...
WordPress Database Sync 0.4 Cross Site Scripting Vulnerability
WordPress Database Sync plugin version 0.4 suffers from a cross site scripting vulnerability. Title: WordPress 'Database Sync' Plugin Version: 0.4 Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej Download: - https://wordpress.org/plugins/database-sync/ -...
WordPress Database Manager 2.7.1 Command Injection / Credential Leak
WordPress Database Manager plugin version 2.7.1 suffers from remote command injection and credential leakage vulnerabilities. Title: Vulnerabilities in WordPress Database Manager v2.7.1 Author: Larry W. Cashdollar, @larry0 Date: 10/13/2014 Download: https://wordpress.org/plugins/wp-dbmanager/...
WordPress Database Manager 2.7.1 Command Injection / Credential Leak
Title: Vulnerabilities in WordPress Database Manager v2.7.1 Author: Larry W. Cashdollar, @larry0 Date: 10/13/2014 Download: https://wordpress.org/plugins/wp-dbmanager/ Downloads: 1,171,358 Vendor: Lester Chan, https://profiles.wordpress.org/gamerz/ Contacted: 10/13/2014, Vulnerabilities addressed...
WordPress Backup Plugin 2.0.1 Information Disclosure
No description provided by source. Exploit Title: WordPress Backup plugin exposes site data Google Dork: http://www.google.com/search?q=inurl:wp-content/backup.log Date: 01-jul-2012 Exploit Author: Stephan Knauss Vendor Homepage: http://wordpress.org/extend/plugins/backup/ Software Link:...