
384 matches found

Openbugbounty
added 2018/06/28 12:43 a.m., 19 views

longes.fr XSS vulnerability

Open Bug Bounty ID: OBB-638019

Description | Value
---|---
Affected Website: | longes.fr
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Other
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

Exploits: 0

Openbugbounty
added 2018/06/27 8:43 p.m., 11 views

auftakt-musikschule.de XSS vulnerability

Open Bug Bounty ID: OBB-637680

Description | Value
---|---
Affected Website: | auftakt-musikschule.de
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Other
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

Exploits: 0

Openbugbounty
added 2018/06/27 4:54 p.m., 11 views

tejnif.dk XSS vulnerability

Open Bug Bounty ID: OBB-637593

Description | Value
---|---
Affected Website: | tejnif.dk
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Other
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

Exploits: 0

CVE
added 2018/06/26 8:0 p.m., 293 views

CVE-2018-12895

CVE-2018-12895 affects WordPress up to version 4.9.6. An Author (needs files and posts capabilities) can trigger directory traversal via the thumb parameter in wp-admin/post.php, causing the PHP unlink call to delete wp-config.php through a missing filename validation in wp-includes/post.php wp_d...

CVSS 8.8, AI score 8, EPSS 0.62558
Exploits: 4, References: 6, Affected Software: 1

Openbugbounty
added 2018/06/22 7:23 a.m., 10 views

tpl.fr Improper Access Control vulnerability

Open Bug Bounty ID: OBB-635265

Description | Value
---|---
Affected Website: | tpl.fr
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Other
Vulnerability Type: | IAC Improper Access Control / CWE-284
CVSSv3 Score: | 6.5...

AI score 0.1
Exploits: 0

Openbugbounty
added 2018/06/22 7:6 a.m., 9 views

proteine.be Improper Access Control vulnerability

Open Bug Bounty ID: OBB-635240

Description | Value
---|---
Affected Website: | proteine.be
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Other
Vulnerability Type: | IAC Improper Access Control / CWE-284
CVSSv3 Score: | 6.5...

AI score 0.1
Exploits: 0

CNVD
added 2018/02/07 12:0 a.m., 3 views

WordPress flickrRSS plugin cross-site scripting vulnerability (CNVD-2018-05367)

WordPress is a blogging platform developed by the WordPress Software Foundation in the PHP language; it supports personal blog sites set up on PHP and MySQL servers. The flickrRSS plugin is one of its plugins, used to display images. A cross-site scripting vulnerability exists in th...

CVSS 6.1, AI score 6.1, EPSS 0.00918
Exploits: 1, References: 1

Prion
added 2018/02/06 2:29 p.m., 20 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSSset parameter to wp-admin/options-general.php...

CVSS 4.3, AI score 6, EPSS 0.00918
Exploits: 1, References: 1, Affected Software: 1

NVD
added 2018/02/06 2:29 p.m., 22 views

CVE-2018-6466

A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSSset parameter to wp-admin/options-general.php...

CVSS 6.1, AI score 6.1, EPSS 0.00918
Exploits: 1, References: 1

Cvelist
added 2018/02/06 2:0 p.m., 27 views

CVE-2018-6467

The flickrRSS plugin 5.3.1 for WordPress has CSRF via wp-admin/options-general.php...

AI score 8.8, EPSS 0.006
Exploits: 1, References: 1

OSV
added 2018/01/30 8:29 p.m., 2 views

CVE-2018-6195

admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin wp-splashing-images before 2.1.1 for WordPress allows authenticated administrator, editor, or author remote attackers to conduct PHP Object Injection attacks via crafted serialized data in the 'session' HTTP GET parameter t...

CVSS 7.2, AI score 5.8, EPSS 0.03741
Exploits: 2, References: 4

Cvelist
added 2018/01/27 5:0 p.m., 29 views

CVE-2018-6357

The acxasmwsaveordercallback function in function.php in the acurax-social-media-widget plugin before 3.2.6 for WordPress has CSRF via the recordsArray parameter to wp-admin/admin-ajax.php, with resultant socialwidgeticonarrayorder XSS...

AI score 8.8, EPSS 0.00661
Exploits: 1, References: 2

CNVD
added 2018/01/17 12:0 a.m., 2 views

WordPress WPGlobus plugin cross-site scripting vulnerability (CNVD-2018-01277)

WordPress is a blogging platform developed by the WordPress Software Foundation in the PHP language; it supports personal blog sites set up on PHP and MySQL servers. The WPGlobus plugin is one of its plugins, used to create a multi-language blog. A cross-site scripting vulnerabili...

CVSS 4.8, AI score 6.1, EPSS 0.00821
Exploits: 1, References: 1

CNVD
added 2018/01/17 12:0 a.m., 2 views

WordPress responsive-coming-soon-page plugin cross-site request forgery vulnerability

WordPress is a blogging platform developed by the WordPress Software Foundation in the PHP language; it supports personal blog sites set up on PHP and MySQL servers. The responsive-coming-soon-page plugin is one of its plugins, used for test system maintenance. A cross-site request...

CVSS 8.8, AI score 6.8, EPSS 0.00654
Exploits: 1, References: 1

CNVD
added 2018/01/17 12:0 a.m., 2 views

WordPress read-and-understood plugin cross-site request forgery vulnerability

WordPress is a blogging platform developed by the WordPress Software Foundation in the PHP language; it supports personal blog sites set up on PHP and MySQL servers. The read-and-understood plugin is one of its plugins, used for document reading. A cross-site request forge...

CVSS 8.8, AI score 6.7, EPSS 0.006
Exploits: 1, References: 1

Prion
added 2018/01/14 4:29 a.m., 10 views

Sql injection

The WpJobBoard plugin 4.4.4 for WordPress allows SQL injection via the order or sort parameter to the wpjb-job or wpjb-alerts module, with a request to wp-admin/admin.php...

CVSS 6.5, AI score 7.3, EPSS 0.01231
Exploits: 3, References: 1, Affected Software: 1

CVE
added 2018/01/14 4:0 a.m., 40 views

CVE-2018-5695

The CVE refers to WPJobBoard plugin for WordPress, version 4.4.4, where SQL injection is possible via the order or sort parameter passed to the wpjb-job or wpjb-alerts modules, triggered by a request to wp-admin/admin.php. This aligns with CNVD-2018-01254 and NVD details, which describe a paramet...

CVSS 7.2, AI score 7.4, EPSS 0.01231
Exploits: 3, References: 1, Affected Software: 1

Cvelist
added 2018/01/14 4:0 a.m., 18 views

CVE-2018-5695

The WpJobBoard plugin 4.4.4 for WordPress allows SQL injection via the order or sort parameter to the wpjb-job or wpjb-alerts module, with a request to wp-admin/admin.php...

AI score 7.4, EPSS 0.01231
Exploits: 3, References: 1

OSV
added 2018/01/13 12:29 a.m., 2 views

CVE-2018-5651

An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php darkmodestart parameter...

CVSS 4.8, AI score 5.8, EPSS 0.00655
Exploits: 1, References: 2

Prion
added 2018/01/13 12:29 a.m., 12 views

Design/Logic Flaw

An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php weblizarpffreesettingssaveget-users parameter...

CVSS 4.3, AI score 6, EPSS 0.00972
Exploits: 1, References: 2, Affected Software: 1