384 matches found
Cross site request forgery (csrf)
An issue was discovered in the read-and-understood plugin 2.1 for WordPress. CSRF exists via wp-admin/options-general.php...
Design/Logic Flaw
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php countertitle parameter...
CVE-2018-5652
An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php darkmodeend parameter...
CVE-2018-5658
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. CSRF exists via wp-admin/admin.php...
CVE-2018-5653
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php weblizarpffreesettingssaveget-users parameter...
CVE-2018-5362
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobusoptionposttypepage parameter to wp-admin/options.php...
CVE-2018-5363
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobusoptionenabledlanguagesen or wpglobusoptionenabledlanguagesfr or any other language parameter to wp-admin/options.php...
CVE-2018-5366
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobusoptionmorelanguages parameter to wp-admin/options.php...
CVE-2018-5365
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobusoptionselectorwplistpagesshowselector parameter to wp-admin/options.php...
CVE-2018-5364
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobusoptionbrowserredirectredirectbylanguage parameter to wp-admin/options.php...
Code injection
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobusoptionmorelanguages parameter to wp-admin/options.php...
Code injection
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobusoptionposttypepost parameter to wp-admin/options.php...
CVE-2018-5361
The WPGlobus plugin 1.9.6 for WordPress has CSRF via wp-admin/options.php...
CVE-2018-5368
The SrbTransLatin plugin 1.46 for WordPress has CSRF via an srbtranslatoptions action to wp-admin/options-general.php...
CVE-2018-5369
The SrbTransLatin plugin 1.46 for WordPress is affected by CVE-2018-5369: a Cross-Site Scripting (XSS) vulnerability via the srbtranslatoptions action to wp-admin/options-general.php with the lang_identificator parameter. This, as documented, can allow injection of arbitrary web script or HTML. S...
CVE-2018-5312
The tabs-responsive plugin 1.8.0 for WordPress has XSS via the posttitle parameter to wp-admin/post.php...
WordPress Simple Download Monitor plugin <=3.5.3 - Authenticated Cross-Site Scripting (XSS) vulnerability
Authenticated Cross-Site Scripting (XSS) vulnerability found by wpl0v3r in WordPress Simple Download Monitor plugin versions <=3.5.3. Vulnerable to Cross-Site Scripting via the sdmupload parameter in an edit action to wp-admin/post.php. Solution: Update the WordPress Simple Download Monitor plugin to...
WordPress GD Rating System plugin 2.3 - Directory Traversal vulnerability (3)
A third Directory Traversal vulnerability found by d4wner in WordPress GD Rating System plugin version 2.3. Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page. Solution: 1/9/2018 - we were unable to find a patched version of this plugin...
WordPress ImageInject plugin 1.15 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability found by wpl0v3r in WordPress ImageInject plugin version 1.15. Vulnerable via wp-admin/options-general.php. Solution: 1/9/2018 - we were unable to find a patched version of the plugin. Dangerous to use...