102 matches found
CVE-2020-29171
Cross-site scripting XSS vulnerability in admin/wp-security-blacklist-menu.php in the Tips and Tricks HQ All In One WP Security & Firewall all-in-one-wp-security-and-firewall plugin before 4.4.6 for WordPress...
Cross site scripting
Cross-site scripting XSS vulnerability in admin/wp-security-blacklist-menu.php in the Tips and Tricks HQ All In One WP Security & Firewall all-in-one-wp-security-and-firewall plugin before 4.4.6 for WordPress...
CVE-2020-29171
Cross-site scripting XSS vulnerability in admin/wp-security-blacklist-menu.php in the Tips and Tricks HQ All In One WP Security & Firewall all-in-one-wp-security-and-firewall plugin before 4.4.6 for WordPress...
CVE-2020-29171
CVE-2020-29171 is a Cross-site Scripting (XSS) vulnerability in the WordPress plugin Tips and Tricks HQ All In One WP Security & Firewall (all-in-one-wp-security-and-firewall) up to version 4.4.6. The flaw resides in admin/wp-security-blacklist-menu.php and stems from insufficient input validatio...
CVE-2020-36176
The CVE-2020-36176 affects the WordPress iThemes Security (formerly Better WP Security) plugin prior to version 7.7.0. The root issue is that the plugin does not enforce a new-password requirement for an existing account until the second login occurs, potentially leaving an account with a weak pa...
All In One WP Security & Firewall <= 4.4.1 - Open Redirect & Hidden Login Page Exposure
The All In One WP Security & Firewall plugin suffers from open redirect and exposure of the actual URL of the "hidden login page" feature. Edit WPScanTeam October 3rd, 2019 - Email sent to dev via https://wpsolutions-hq.com/contact/ October 8th - Dev ACK & investigating it October 8th - v4.4.2...
CVE-2018-12636
The CVE concerns WordPress iThemes Security (better-wp-security) plugin, prior to version 7.0.3. An authenticated admin can exploit an SQL injection via the itsec-logs page (log-orderby parameter) due to improper handling of the ORDER BY clause, enabling arbitrary SQL execution. Remediation: upgr...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in WP Security Audit Log plugin before 1.2.5 for WordPress allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...
CVE-2014-5072
Cross-site request forgery CSRF vulnerability in WP Security Audit Log plugin before 1.2.5 for WordPress allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...
CVE-2014-5072
CVE-2014-5072 affects the WP Security Audit Log WordPress plugin prior to version 1.2.5. The vulnerability is a cross-site request forgery (CSRF) that could allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. The public records in the connected sources ...
CVE-2014-5072
Cross-site request forgery CSRF vulnerability in WP Security Audit Log plugin before 1.2.5 for WordPress allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...
Information disclosure
An issue was discovered in the WP Security Audit Log plugin 3.1.1 for WordPress. Access to wp-content/uploads/wp-security-audit-log/ files is not restricted. For example, these files are indexed by Google and allows for attackers to possibly find sensitive information...
CVE-2018-8719
An issue was discovered in the WP Security Audit Log plugin 3.1.1 for WordPress. Access to wp-content/uploads/wp-security-audit-log/ files is not restricted. For example, these files are indexed by Google and allows for attackers to possibly find sensitive information...
CVE-2018-8719
CVE-2018-8719 affects WordPress WP Security Audit Log plugin (v3.1.1). The issue is information disclosure: access to wp-content/uploads/wp-security-audit-log/* is not restricted, enabling potential exposure of sensitive data (e.g., login attempts) and making files indexable by search engines. Ex...
WP Security Audit Log Plugin <= 3.1.1 - Sensitive Information Disclosure
No protection on the wp-content/uploads/wp-security-audit-log/ which is indexed by google and allows for attackers to possibly find user information bad login attempts PoC Google Dork: inurl:/wp-content/uploads/wp-security-audit-log/...
XSSER - From XSS to RCE
From XSS to RCE 2.5 - Black Hat Europe Arsenal 2016 Demo Version 2.0 - 2015: https://www.youtube.com/playlist?list=PLIjb28IYMQgqqqApoGRCZO40vP-eKsgf Version 2.5 - 2016: https://www.youtube.com/playlist?list=PLRic6PgcrsWGkgacL6WFnSQKVRZIoofRj Requirements Python 2.7., version 2.7.11 was used for...
All In One WP Security & Firewall <= 4.1.2 - Multiple vulnerabilities in login CAPTCHA
The All In One WP Security & Firewall WordPress plugin was affected by a Multiple vulnerabilities in login CAPTCHA security vulnerability...
WordPress Plugin Acunetix WP Security Plugin 3.0.3 - Cross-Site Scripting
Introduction Exploit Title: Acunetix WP Security 3.0.3 XSS Date: May.03.2016 Exploit Author: Johto Robbie Facebook: https://www.facebook.com/johto.robbie Vendor: VN Hacker News Tested On: Apache 2.4.17 / PHP 5.6.16 / Windows 10 / WordPress 4.5.1 Category: Webapps Software Link:...
WordPress Plugin Acunetix WP Security Plugin 3.0.3 - Cross-Site Scripting
WordPress Plugin Acunetix WP Security Plugin 3.0.3 - Cross-Site Scripting 1. Introduction Exploit Title: Acunetix WP Security 3.0.3 XSS Date: May.03.2016 Exploit Author: Johto Robbie Facebook: https://www.facebook.com/johto.robbie Vendor: VN Hacker News Tested On: Apache 2.4.17 / PHP 5.6.16 /...
All In One WP Security And Firewall < 4.0.7 - Multiple SQL Injections
The All In One WP Security & Firewall WordPress plugin was affected by a Multiple SQL Injections security vulnerability...