16 matches found
Subscribe Sidebar <= 1.3.1 - Authenticated Reflected Cross-Site Scripting
The 'status' GET parameter in subscribesidebar.php, which is displayed in the plugin's option page, is vulnerable to reflected XSS attacks. /wp-admin/options-general.php?page=subscribesidebar.php&status=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E...
CVE-2015-5483
Multiple cross-site request forgery CSRF vulnerabilities in the Private Only plugin 3.5.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 add users, 2 delete posts, or 3 modify PHP files via unspecified vectors, or 4 conduct cross-site...
WordPress flickrRSS plugin cross-site scripting vulnerability (CNVD-2018-05367)
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on PHP and MySQL servers. flickrRSS plugin is used in one of the plugin to display images. A cross-site scripting vulnerability exists in th...
CVE-2018-6467
The flickrRSS plugin 5.3.1 for WordPress has CSRF via wp-admin/options-general.php...
WordPress read-and-understood plugin cross-site request forgery vulnerability
WordPress is the WordPress Software Foundation of a set of PHP language development of the blogging platform, the platform supports PHP and MySQL server set up a personal blog site. read-and-understood plugin is the use of one of the use of the document reading plugin . A cross-site request forge...
WordPress WPGlobus plugin cross-site scripting vulnerability (CNVD-2018-01277)
WordPress is the WordPress Software Foundation's set of blogging platform using PHP language development, the platform supports in PHP and MySQL server set up a personal blog site.WPGlobus plugin is used in one of the plugin used to create a multi-language blog. A cross-site scripting vulnerabili...
CVE-2018-5369
The SrbTransLatin plugin 1.46 for WordPress is affected by CVE-2018-5369: a Cross-Site Scripting (XSS) vulnerability via the srbtranslatoptions action to wp-admin/options-general.php with the lang_identificator parameter. This, as documented, can allow injection of arbitrary web script or HTML. S...
CVE-2018-5284
The ImageInject plugin 1.15 for WordPress has XSS via the flickrappid parameter to wp-admin/options-general.php...
CVE-2015-4140
Cross-site request forgery CSRF vulnerability in the WP Smiley plugin 1.4.1 for WordPress allows remote attackers to hijack the authentication of editors for requests that conduct cross-site scripting XSS attacks via the s4w-more parameter to the smilies4wp.php page to wp-admin/options-general.ph...
CVE-2015-4140
CVE-2015-4140 : In the WP Smiley plugin for WordPress (version 1.4.1), a CSRF vulnerability allows remote attackers to hijack the authentication of editors and carry out cross-site scripting (XSS) via the s4w-more parameter to smilies4wp.php, targeting wp-admin/options-general.php. The issue stem...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the Encrypted Contact Form plugin before 1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the iframeurl parameter in an Update Page action in the...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the CrossSlide jQuery crossslide-jquery-plugin-for-wordpress plugin 2.0.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 change plugin settings or conduct cross-site scripting XSS...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the Simplelife plugin 1.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the 1 simplehoverback, 2 simplehovertext, 3...
Marekkis Watermark 0.9.2 - wp-admin/options-general.php pfad Parameter XSS
The Marekkis Watermark-Plugin WordPress plugin was affected by a wp-admin/options-general.php pfad Parameter XSS security vulnerability...
Cross site scripting
Cross-site scripting XSS vulnerability in the cmstpvadminhead function in functions.php in the CMS Tree Page View plugin before 0.8.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cmstpvview parameter to wp-admin/options-general.php...
CVE-2013-7233
Cross-site request forgery CSRF vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of administrators for requests that move comments to the moderation list...