Lucene search
K

16 matches found

wpexploit
wpexploit
added 2020/08/31 12:0 a.m.23 views

Subscribe Sidebar <= 1.3.1 - Authenticated Reflected Cross-Site Scripting

The 'status' GET parameter in subscribesidebar.php, which is displayed in the plugin's option page, is vulnerable to reflected XSS attacks. /wp-admin/options-general.php?page=subscribesidebar.php&status=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E...

4.3CVSS1.7AI score0.00977EPSS
Exploits1References1
Cvelist
Cvelist
added 2020/01/28 7:9 p.m.20 views

CVE-2015-5483

Multiple cross-site request forgery CSRF vulnerabilities in the Private Only plugin 3.5.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 add users, 2 delete posts, or 3 modify PHP files via unspecified vectors, or 4 conduct cross-site...

8.8AI score0.01584EPSS
Exploits3References3
CNVD
CNVD
added 2018/02/07 12:0 a.m.7 views

WordPress flickrRSS plugin cross-site scripting vulnerability (CNVD-2018-05367)

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on PHP and MySQL servers. flickrRSS plugin is used in one of the plugin to display images. A cross-site scripting vulnerability exists in th...

6.1CVSS6.1AI score0.00918EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/02/06 2:0 p.m.29 views

CVE-2018-6467

The flickrRSS plugin 5.3.1 for WordPress has CSRF via wp-admin/options-general.php...

8.8AI score0.006EPSS
Exploits1References1
CNVD
CNVD
added 2018/01/17 12:0 a.m.2 views

WordPress read-and-understood plugin cross-site request forgery vulnerability

WordPress is the WordPress Software Foundation of a set of PHP language development of the blogging platform, the platform supports PHP and MySQL server set up a personal blog site. read-and-understood plugin is the use of one of the use of the document reading plugin . A cross-site request forge...

8.8CVSS6.7AI score0.00589EPSS
Exploits1References1
CNVD
CNVD
added 2018/01/17 12:0 a.m.3 views

WordPress WPGlobus plugin cross-site scripting vulnerability (CNVD-2018-01277)

WordPress is the WordPress Software Foundation's set of blogging platform using PHP language development, the platform supports in PHP and MySQL server set up a personal blog site.WPGlobus plugin is used in one of the plugin used to create a multi-language blog. A cross-site scripting vulnerabili...

4.8CVSS6.1AI score0.00805EPSS
Exploits1References1
CVE
CVE
added 2018/01/12 9:0 a.m.41 views

CVE-2018-5369

The SrbTransLatin plugin 1.46 for WordPress is affected by CVE-2018-5369: a Cross-Site Scripting (XSS) vulnerability via the srbtranslatoptions action to wp-admin/options-general.php with the lang_identificator parameter. This, as documented, can allow injection of arbitrary web script or HTML. S...

4.8CVSS4.9AI score0.00623EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2018/01/08 7:29 a.m.4 views

CVE-2018-5284

The ImageInject plugin 1.15 for WordPress has XSS via the flickrappid parameter to wp-admin/options-general.php...

4.8CVSS5.8AI score0.00799EPSS
Exploits1References3
NVD
NVD
added 2015/06/18 6:59 p.m.18 views

CVE-2015-4140

Cross-site request forgery CSRF vulnerability in the WP Smiley plugin 1.4.1 for WordPress allows remote attackers to hijack the authentication of editors for requests that conduct cross-site scripting XSS attacks via the s4w-more parameter to the smilies4wp.php page to wp-admin/options-general.ph...

6.8CVSS6.5AI score0.01149EPSS
Exploits1References3
CVE
CVE
added 2015/06/18 6:0 p.m.38 views

CVE-2015-4140

CVE-2015-4140 : In the WP Smiley plugin for WordPress (version 1.4.1), a CSRF vulnerability allows remote attackers to hijack the authentication of editors and carry out cross-site scripting (XSS) via the s4w-more parameter to smilies4wp.php, targeting wp-admin/options-general.php. The issue stem...

6.8CVSS6.7AI score0.01149EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2015/06/09 2:59 p.m.16 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the Encrypted Contact Form plugin before 1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the iframeurl parameter in an Update Page action in the...

6.8CVSS6.7AI score0.04727EPSS
Exploits5References9Affected Software1
Prion
Prion
added 2015/02/26 3:59 p.m.16 views

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in the CrossSlide jQuery crossslide-jquery-plugin-for-wordpress plugin 2.0.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 change plugin settings or conduct cross-site scripting XSS...

6.8CVSS7AI score0.01007EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2014/12/31 9:59 p.m.22 views

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in the Simplelife plugin 1.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the 1 simplehoverback, 2 simplehovertext, 3...

6.8CVSS7AI score0.01001EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.23 views

Marekkis Watermark 0.9.2 - wp-admin/options-general.php pfad Parameter XSS

The Marekkis Watermark-Plugin WordPress plugin was affected by a wp-admin/options-general.php pfad Parameter XSS security vulnerability...

4.3CVSS2.4AI score0.02053EPSS
Exploits2References2Affected Software1
Prion
Prion
added 2014/04/07 3:55 p.m.11 views

Cross site scripting

Cross-site scripting XSS vulnerability in the cmstpvadminhead function in functions.php in the CMS Tree Page View plugin before 0.8.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cmstpvview parameter to wp-admin/options-general.php...

4.3CVSS6.3AI score0.02414EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 2013/12/30 2:0 a.m.29 views

CVE-2013-7233

Cross-site request forgery CSRF vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of administrators for requests that move comments to the moderation list...

7AI score0.0384EPSS
Exploits0References2
Rows per page
Query Builder