
11 matches found

wpexploit
added 2020/08/31 12:0 a.m., 22 views

Subscribe Sidebar <= 1.3.1 - Authenticated Reflected Cross-Site Scripting

The 'status' GET parameter in subscribesidebar.php, which is displayed in the plugin's option page, is vulnerable to reflected XSS attacks. /wp-admin/options-general.php?page=subscribesidebar.php&status=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E...

4.3 CVSS, 1.7 AI score, 0.0019 EPSS
Exploits 1, References 1
Cvelist
added 2020/01/28 7:9 p.m., 12 views

CVE-2015-5483

Multiple cross-site request forgery (CSRF) vulnerabilities in the Private Only plugin 3.5.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add users, (2) delete posts, or (3) modify PHP files via unspecified vectors, or (4) conduct cross-site...

8.8 AI score, 0.00192 EPSS
Exploits 3, References 3
Cvelist
added 2018/02/06 2:0 p.m., 18 views

CVE-2018-6467

The flickrRSS plugin 5.3.1 for WordPress has CSRF via wp-admin/options-general.php...

8.8 AI score, 0.00216 EPSS
Exploits 1, References 1
CVE
added 2018/01/12 9:0 a.m., 36 views

CVE-2018-5369

The SrbTransLatin plugin 1.46 for WordPress is affected by CVE-2018-5369: a Cross-Site Scripting (XSS) vulnerability via the srbtranslatoptions action to wp-admin/options-general.php with the lang_identificator parameter. This, as documented, can allow injection of arbitrary web script or HTML. S...

4.8 CVSS, 4.9 AI score, 0.00225 EPSS
Exploits 1, References 2, Affected Software 1
NVD
added 2015/06/18 6:59 p.m., 9 views

CVE-2015-4140

Cross-site request forgery (CSRF) vulnerability in the WP Smiley plugin 1.4.1 for WordPress allows remote attackers to hijack the authentication of editors for requests that conduct cross-site scripting (XSS) attacks via the s4w-more parameter to the smilies4wp.php page to wp-admin/options-general.ph...

6.8 CVSS, 6.5 AI score, 0.00104 EPSS
Exploits 1, References 3
CVE
added 2015/06/18 6:0 p.m., 32 views

CVE-2015-4140

CVE-2015-4140 : In the WP Smiley plugin for WordPress (version 1.4.1), a CSRF vulnerability allows remote attackers to hijack the authentication of editors and carry out cross-site scripting (XSS) via the s4w-more parameter to smilies4wp.php, targeting wp-admin/options-general.php. The issue stem...

6.8 CVSS, 6.7 AI score, 0.00104 EPSS
Exploits 1, References 3, Affected Software 1
Prion
added 2015/06/09 2:59 p.m., 11 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in the Encrypted Contact Form plugin before 1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the iframeurl parameter in an Update Page action in the...

6.8 CVSS, 6.7 AI score, 0.01352 EPSS
Exploits 5, References 9, Affected Software 1
Prion
added 2015/02/26 3:59 p.m., 8 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities in the CrossSlide jQuery (crossslide-jquery-plugin-for-wordpress) plugin 2.0.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS)...

6.8 CVSS, 7 AI score, 0.00095 EPSS
Exploits 1, References 2, Affected Software 1
Prion
added 2014/12/31 9:59 p.m., 18 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities in the Simplelife plugin 1.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) simplehoverback, (2) simplehovertext, (3)...

6.8 CVSS, 7 AI score, 0.00095 EPSS
Exploits 2, References 1, Affected Software 1
WPVulnDB
added 2014/08/01 10:58 a.m., 22 views

Marekkis Watermark 0.9.2 - wp-admin/options-general.php pfad Parameter XSS

The Marekkis Watermark-Plugin WordPress plugin was affected by a wp-admin/options-general.php pfad Parameter XSS security vulnerability...

4.3 CVSS, 2.4 AI score, 0.00347 EPSS
Exploits 2, References 2, Affected Software 1
Prion
added 2014/04/07 3:55 p.m., 9 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the cmstpvadminhead function in functions.php in the CMS Tree Page View plugin before 0.8.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cmstpvview parameter to wp-admin/options-general.php...

4.3 CVSS, 6.3 AI score, 0.00522 EPSS
Exploits 1, References 7, Affected Software 1