Fast Flow < 1.2.13 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Create/edit a dashboard with an HTML widget...

Sql injection

A vulnerability classified as critical has been found in Kama Click Counter Plugin up to 3.4.8. This affects an unknown part of the file wp-admin/admin.php. The manipulation of the argument orderby/order with the input ASC%2cselectfromselectsleep2a leads to sql injection Blind. It is possible to...

CVE-2017-20103 Kama Click Counter Plugin admin.php Blind sql injection

A vulnerability classified as critical has been found in Kama Click Counter Plugin up to 3.4.8. This affects an unknown part of the file wp-admin/admin.php. The manipulation of the argument orderby/order with the input ASC%2cselectfromselectsleep2a leads to sql injection Blind. It is possible to...

CVE-2017-20103

CVE-2017-20103 describes a blind SQL injection in the Kama Click Counter Plugin (up to version 3.4.8) affecting wp-admin/admin.php via the order_by/order parameter (ASC, (select sleep(2))). The vulnerability can be exploited remotely and the public exploit has been disclosed. Upgrading to version...

Design/Logic Flaw

The quotes-collection plugin before 2.0.6 for WordPress has XSS via the wp-admin/admin.php?page=quotes-collection page parameter...

Design/Logic Flaw

The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATHINFO...

CVE-2019-9912

The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATHINFO...

Design/Logic Flaw

XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress via the modules/gdpr.php term parameter in a wp-admin/admin.php wplivechat-menu-gdpr-page request...

CVE-2018-5658

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. CSRF exists via wp-admin/admin.php...

WordPress GD Rating System plugin 2.3 - Directory Traversal vulnerability (3)

A third Directory Traversal vulnerability found by d4wner in WordPress GD Rating System plugin version 2.3. Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page. Solution 1/9/2018 - we were unable to find a patched version of this plugin...

Cross site scripting

Cross-site scripting XSS vulnerability in Best Gallery Albums Plugin before 3.0.70for WordPress allows remote attackers to inject arbitrary web script or HTML via the orderid parameter in the galleryalbumsorting page to wp-admin/admin.php...

Sql injection

SQL Injection exists in /includes/event-management/index.php in the event-espresso-free aka Event Espresso Lite plugin v3.1.37.12.L for WordPress via the recurrenceid parameter to /wp-admin/admin.php...

WordPress LeagueManager Plugin <= 3.7 - Cross Site Scripting

This plugin is prone to a wp-admin/admin.php multiple parameter cross site scripting vulnerability. Solution Update the plugin...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the Easy Social Icons plugin before 1.2.3 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the imagefile parameter in an edit action in the...

CVE-2015-1385

Cross-site scripting XSS vulnerability in the Blubrry PowerPress Podcasting plugin before 6.0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cat parameter in a powerpress-editcategoryfeed action in the powerpressadmincategoryfeeds.php page to...

CVE-2014-9437

Multiple cross-site request forgery CSRF vulnerabilities in the Sliding Social Icons plugin 1.61 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 change plugin settings via unspecified vectors or 2 conduct cross-site scripting XSS attacks via...

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in the Sliding Social Icons plugin 1.61 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 change plugin settings via unspecified vectors or 2 conduct cross-site scripting XSS attacks via...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the WP Google Maps plugin before 6.0.27 for WordPress allow remote attackers to inject arbitrary web script or HTML via the polyid parameter in an 1 editpoly, 2 editpolyline, or 3 editmarker action in the wp-google-maps-menu page to...

Cross site scripting

Cross-site scripting XSS vulnerability in the Max Foundry MaxButtons plugin before 1.26.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in a button action on the maxbuttons-controller page to wp-admin/admin.php, related to the button creation pa...

Sql injection

SQL injection vulnerability in includes/mode-edit.php in the Simple Retail Menus simple-retail-menus plugin before 4.1 for WordPress allows remote authenticated editors to execute arbitrary SQL commands via the targetmenu parameter in an edit action to wp-admin/admin.php...