212 matches found
WordPress Plugin Developer Formatter - Cross-Site Request Forgery
==================================================================================================================== Exploit Title: Wordpress Developer Formatter CSRF Vulnerability Google Dork: inurl:devformatter/devformatter.php Date: 21/01/13 Author: Junaid Hussain - illSecure Research Group -...
WordPress Portable phpMyAdmin Plugin 'wp-pma-mod' Security Bypass Vulnerability
WordPress Portable phpMyAdmin Plugin is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
WordPress 3.4.2 Cross Site Request Forgery
Exploit for php platform in category web applications ============================================================ Vulnerable Software: WordPress Version 3.4.2 Downloaded from: http://wordpress.org/latest.zip MD5SUM: d670508d81e2fd060c2041441bc03300 wordpress-3.4.2.zip...
CVE-2011-3128
WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached attachments as published, which might allow remote attackers to obtain sensitive data via vectors related to wp-includes/post.php...
[ISecAuditors Security Advisories] WordPress MU HTTP Header XSS Vulnerability
============================================= INTERNET SECURITY AUDITORS ALERT 2009-004 - Original release date: December 3rd, 2008 - Last revised: March 10th, 2009 - Discovered by: Juan Galiana Lara - Severity: 6.3/10 CVSS scored ============================================= I. VULNERABILITY...
CVE-2007-4154
SQL injection vulnerability in options.php in WordPress 2.2.1 allows remote authenticated administrators to execute arbitrary SQL commands via the pageoptions parameter to 1 options-general.php, 2 options-writing.php, 3 options-reading.php, 4 options-discussion.php, 5 options-privacy.php, 6...
Wordpress 2.1.2 (xmlrpc) Remote SQL Injection Exploit
No description provided by source. !/usr/bin/perl -w Wordpress 2.1.2 SQL Injection POC Credits: [email protected] Thanks to ferruh [email protected] improving my exploitation skills website:www.notsosecure.com Wordpress version 2.1.2 is vulnerable to sql injection. This POC works when...
CVE-2006-4743
WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensitive information via a direct request for 1 404.php, 2 akismet.php, 3 archive.php, 4 archives.php, 5 attachment.php, 6 blogger.php, 7 comments.php, 8 comments-popup.php, 9 dotclear.php, 10 footer.php, 11 functions.php, 12...
CVE-2006-0986
WordPress 2.0.1 and earlier allows remote attackers to obtain sensitive information via a direct request to 1 default-filters.php, 2 template-loader.php, 3 rss-functions.php, 4 locale.php, 5 wp-db.php, and 6 kses.php in the wp-includes/ directory; and 7 edit-form-advanced.php, 8...
CVE-2005-2109
wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers to change the content of the forgotten password e-mail message via the message variable, which is not initialized before use...
WordPress Core 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/11984/info Wordpress is reported vulnerable to multiple cross-site scripting, HTML injection, and SQL injection vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied data. The cross-site scripting and HTML injection issue...
WordPress < 1.2.2 Multiple XSS
The remote version of WordPress is vulnerable to cross-site scripting attacks due to a failure of the application to properly sanitize user- supplied URI input. As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be...