Clockstone and other CMSMasters Theme File Upload Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Clockstone and Various other CMSMasters Theme File Upload Vulnerabilities Google Dork: "wp-content/themes/clockstone" Date: 12/18/2012 Exploit Author: DigiP Vendor Homepage: http://cmsmasters.net/ Software Link:...

WordPress Theme CStar Design - id SQL Injection

WordPress Theme CStar Design - id SQL Injection source: https://www.securityfocus.com/bid/56694/info The CStar Design theme for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploi...

WordPress Theme Archin 3.2 - Configuration Access

WordPress Theme Archin 3.2 - Configuration Access Exploit Title: Archin WordPress Theme Unauthenticated Configuration Access Date: Sept 29, 2012 Exploit Author: bwall @bwallHatesTwits Vendor Homepage: http://themeforest.net/user/wptitans Software Link:...

ShopperPress v2.7 Wordpress - Cross Site Vulnerabilities

Title: ====== ShopperPress v2.7 Wordpress - Cross Site Vulnerabilities Date: ===== 2012-08-02 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=670 VL-ID: ===== 670 Common Vulnerability Scoring System: ==================================== 2.4 Introduction: =============...

ShopperPress WordPress Theme 2.7 SQL Injection

Title: ====== ShopperPress v2.7 Wordpress - SQL Injection Vulnerability Date: ===== 2012-08-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=669 VL-ID: ===== 669 Common Vulnerability Scoring System: ==================================== 6.1 Introduction: =============...

WordPress Theme Tuner Plugin 'tt-abspath' Parameter Remote File Inclusion Vulnerability

WordPress is prone to a remote file inclusion vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"...

DSquare Exploit Pack: D2SEC_WPTHEMETUNER

Name| d2secwpthemetuner ---|--- CVE| CVE-2012-0934 Exploit Pack| D2ExploitPack Description| Wordpress Theme Tuner 0.7 Local File Include Vulnerability Notes|...

PT-2011-4736 · Cover · Cover

Name of the Vulnerable Software and Affected Versions: Cover WP theme versions prior to 1.6.6 Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via the s parameter. This can lead to the execution of malicious code on the client-side...

F8 Lite < 4.2.2 - XSS

The F8 Lite WordPress theme was affected by a XSS security vulnerability...

Redline < 1.66 - XSS

The RedLine WordPress theme was affected by a XSS security vulnerability...

Antisnews < 1.10 - XSS

The antisnews WordPress theme was affected by a XSS security vulnerability...

WordPress Theme Trending 0.1 - &#039;cpage&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/49896/info The Trending theme for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting...

WordPress Theme Web Minimalist 1.1 - &#039;index.php&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/49874/info The Web Minimalist theme for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...

WordPress Theme Hybrid 0.9 - &#039;cpage&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/49866/info The Hybrid theme for WordPress is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting us...

PT-2007-5361 · Xuyiyang · Blue Memories Theme

Cross-site scripting XSS vulnerability in index.php in the Blue Memories theme 1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757 and CVE-2007-4014. NOTE: the provenance of this information is unknown; th...