384 matches found
CVE-2016-10992
The music-store plugin before 1.0.43 for WordPress has XSS via the wp-admin/admin.php?page=music-store-menu-reports fromyear parameter...
CVE-2016-10962
The icegram plugin before 1.9.19 for WordPress has CSRF via the wp-admin/edit.php optionname parameter...
CVE-2016-10962
The vulnerability CVE-2016-10962 affects the Icegram WordPress plugin prior to version 1.9.19. The issue is a Cross-Site Request Forgery (CSRF) vulnerability via the wp-admin/edit.php?option_name parameter, which could enable unauthorized actions within the plugin’s admin context. Affected softwa...
Design/Logic Flaw
The quotes-collection plugin before 2.0.6 for WordPress has XSS via the wp-admin/admin.php?page=quotes-collection page parameter...
CVE-2016-10952
The quotes-collection plugin before 2.0.6 for WordPress has XSS via the wp-admin/admin.php?page=quotes-collection page parameter...
CVE-2017-18603
The postman-smtp plugin through 2017-10-04 for WordPress has XSS via the wp-admin/tools.php?page=postmanemaillog page parameter...
SQL injection
The wp-fastest-cache plugin before 0.8.4.9 for WordPress has SQL injection in wp-admin/admin-ajax.php?action=wpfcwppollsajaxrequest via the pollid parameter...
CVE-2019-14796
The mq-woocommerce-products-price-bulk-edit aka Woocommerce Products Price Bulk Edit plugin 2.0 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=updateoptions showproductspagelimit parameter...
Design/Logic Flaw
The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectanglename or rectangleopacity parameter...
Essential Real Estate <= 1.7.1 - XSS
Multiple XSS across the plugin. Example:
https:///wp-admin/edit.php?poststatus=all&posttype=userpackage&packageuser="&filteraction=Filter&paged=1
https:///wp-admin/edit.php?poststatus=all&posttype=property&propertyauthor="&propertyidentity&filteraction=Filter&paged=1...
SQL injection
SQL Injection exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Galleryid or Gallerytitle parameter...
Design/Logic Flaw
The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATHINFO...
CVE-2019-9912
The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATHINFO...
WordPress 4.5.x < 4.5.12 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities:
- wp-admin/user-new.php sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access...
Design/Logic Flaw
XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress via the modules/gdpr.php term parameter in a wp-admin/admin.php wplivechat-menu-gdpr-page request...
Design/Logic Flaw
The Ultimate Member aka ultimatemember plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen...
CVE-2018-13136
The Ultimate Member aka ultimatemember plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen...
CVE-2018-13136
CVE-2018-13136 affects the WordPress plugin Ultimate Member (aka ultimatemember) for versions prior to 2.0.18, exposing a cross-site scripting (XSS) vulnerability via the wp-admin settings screen. The issue is documented across multiple sources (CNVD/EUVD/OpenVAS/NVD/CVE records) as an XSS in thi...
innebandycuper.se XSS vulnerability
Open Bug Bounty ID: OBB-638038

Description| Value
---|---
Affected Website:| innebandycuper.se
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Other
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...