Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

33 matches found

Patchstack
Patchstackadded 2014/08/01 12:0 a.m.8 views

WordPress BSK PDF Manager Plugin <= 1.3 - Cross Site Scripting

This plugin is prone to a cross site scripting in wp-admin/admin.php multiple parameter. Solution Upgrade the plugin...

1.9AI score
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2014/07/14 2:0 p.m.23 views

CVE-2014-4944

Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in the BSK PDF Manager plugin 1.3.2 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the 1 categoryid or 2 pdfid parameter to wp-admin/admin.php...

8.1AI score0.00826EPSS
Exploits3References2
Cvelist
Cvelistadded 2014/07/11 8:0 p.m.19 views

CVE-2014-4938

SQL injection vulnerability in the WP Rss Poster wp-rss-poster plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to wp-admin/admin.php...

8.5AI score0.01491EPSS
Exploits1References1
CVE
CVEadded 2013/11/15 8:0 p.m.34 views

CVE-2013-6797

CVE-2013-6797 is a CSRF vulnerability in the WordPress plugin Blue Wrench Video Widget (bluewrench-video-widget.php) prior to version 2.0.0 . The issue allows remote attackers to hijack an administrator’s session by crafting requests that embed arbitrary URLs via the bw_url parameter on the bw-vi...

6.8CVSS7.4AI score0.00344EPSS
Exploits1References4Affected Software1
Prion
Prionadded 2013/11/01 3:55 p.m.24 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in Cart66Product.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allows remote attackers to hijack the authentication of administrators for requests that 1 create or modify products or conduct cross-site scripting XSS attacks via the 2...

6.8CVSS6.3AI score0.00575EPSS
Exploits6References10Affected Software1
Prion
Prionadded 2013/09/26 3:55 p.m.17 views

Cross site scripting

Cross-site scripting XSS vulnerability in the BackWPup plugin before 3.0.13 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter to wp-admin/admin.php...

4.3CVSS6.2AI score0.00498EPSS
Exploits3References5Affected Software1
Cvelist
Cvelistadded 2013/05/10 10:0 a.m.16 views

CVE-2013-3254

Cross-site scripting XSS vulnerability in wp-admin/admin.php in the WP Photo Album Plus plugin before 5.0.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the commentid parameter in a wppamanagecomments edit action...

5.8AI score0.00271EPSS
Exploits0References2
Patchstack
Patchstackadded 2013/04/22 12:0 a.m.13 views

WordPress GRAND FlAGallery Plugin <= 2.71 - XSS

Because of this vulnerability in wp-admin/admin.php, the attackers can inject arbitrary web script or HTML via the "s" parameter in a flag-manage-gallery action. Solution Update the plugin...

4.3CVSS2.9AI score0.00271EPSS
Exploits0References1Affected Software1
NVD
NVDadded 2012/12/11 12:18 p.m.17 views

CVE-2012-6312

Cross-site scripting XSS vulnerability in the Video Lead Form plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter in a video-lead-form action to wp-admin/admin.php...

4.3CVSS5.7AI score0.01143EPSS
Exploits1References2
Prion
Prionadded 2012/10/24 5:55 p.m.12 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcmsodevelopername parameter in a save action to...

6.8CVSS6.6AI score0.01308EPSS
Exploits6References6Affected Software1
Prion
Prionadded 2012/05/21 6:55 p.m.8 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Share and Follow plugin 1.80.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the CDN API Key cnd-key in a share-and-follow-menu page to wp-admin/admin.php...

4.3CVSS6.2AI score0.00502EPSS
Exploits1References3Affected Software1
NVD
NVDadded 2011/01/25 7:0 p.m.10 views

CVE-2011-0641

Multiple cross-site scripting XSS vulnerabilities in wp-admin/admin.php in the StatPressCN plugin 1.9.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 what1, 2 what2, 3 what3, 4 what4, and 5 what5 parameters. NOTE: the provenance of this information is...

4.3CVSS5.8AI score0.00192EPSS
Exploits0References4
Cvelist
Cvelistadded 2011/01/25 6:0 p.m.14 views

CVE-2011-0641

Multiple cross-site scripting XSS vulnerabilities in wp-admin/admin.php in the StatPressCN plugin 1.9.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 what1, 2 what2, 3 what3, 4 what4, and 5 what5 parameters. NOTE: the provenance of this information is...

5.8AI score0.00192EPSS
Exploits0References4
Rows per page
Query Builder