384 matches found
CVE-2014-5346
The CVE-2014-5346 entry affects the WordPress Disqus Comment System plugin version 2.77. The vulnerability is a Cross-Site Request Forgery (CSRF) flaw that allows remote attackers to hijack the authentication of administrators for requests that (1) activate or (2) deactivate the plugin via the active pa...
SQL injection
SQL injection vulnerability in includes/mode-edit.php in the Simple Retail Menus (simple-retail-menus) plugin before 4.1 for WordPress allows remote authenticated editors to execute arbitrary SQL commands via the targetmenu parameter in an edit action to wp-admin/admin.php...
BannerMan 0.2.4 - XSS in wp-admin/options-general.php via bannerman_background parameter
The BannerMan WordPress plugin was affected by an XSS in wp-admin/options-general.php via bannerman_background parameter security vulnerability...
Member Approval 131109 - wp-admin/options-general.php Option Manipulation CSRF
The member-approval WordPress plugin was affected by a wp-admin/options-general.php Option Manipulation CSRF security vulnerability...
ThinkIT <= 0.2 - wp-admin/admin.php toitcf_current_id Parameter XSS
The ThinkIT WP Contact Form WordPress plugin was affected by a wp-admin/admin.php toitcf_current_id Parameter XSS security vulnerability...
Marekkis Watermark 0.9.2 - wp-admin/options-general.php pfad Parameter XSS
The Marekkis Watermark-Plugin WordPress plugin was affected by a wp-admin/options-general.php pfad Parameter XSS security vulnerability...
WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php
...
WordPress BSK PDF Manager Plugin <= 1.3 - Cross Site Scripting
This plugin is prone to cross-site scripting via multiple parameters in wp-admin/admin.php. Solution: Upgrade the plugin...
WordPress Artiss Code Embed Plugin <= 2.0.1 - Cross Site Scripting
This plugin is prone to a cross-site scripting vulnerability in the wp-admin/admin.php suffix parameter. Solution: Update the plugin...
Redirection - wp-admin/tools.php id Parameter XSS
The Redirection WordPress plugin was affected by a wp-admin/tools.php id Parameter XSS security vulnerability...
Ajax Pagination 1.1 - wp-admin/admin-ajax.php loop Parameter Local File Inclusion
Plugin is still affected and has been closed...
Authentication flaw
The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/...
CVE-2014-4944
Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in the BSK PDF Manager plugin 1.3.2 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) categoryid or (2) pdfid parameter to wp-admin/admin.php...
CVE-2014-4938
SQL injection vulnerability in the WP Rss Poster (wp-rss-poster) plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to wp-admin/admin.php...
CVE-2014-4847
Cross-site scripting (XSS) vulnerability in the Random Banner plugin 1.1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the buffercode_RBanner_url_banner1 parameter in an update action to wp-admin/options.php...
CVE-2014-4847
CVE-2014-4847 concerns a cross-site scripting (XSS) flaw in the WordPress plugin “Random Banner” version 1.1.2.1. The vulnerability allows a remote attacker to inject arbitrary web script or HTML via the buffercode_RBanner_url_banner1 parameter in an update action to wp-admin/options.php. Affecte...
CVE-2014-4848
The CVE-2014-4848 entry concerns the Blogstand Smart Banner WordPress plugin (version 1.0). A stored/reflected XSS vulnerability exists in the bs_blog_id parameter passed to wp-admin/options-general.php, enabling attackers to inject arbitrary script/HTML. Impact is web-page script execution by re...
WordPress Tweet Old Post plugin <= 3.2.5 - SQL Injection Vulnerability
No description provided by source. Exploit Title: WordPress Tweet Old Post plugin <= 3.2.5 SQL Injection Vulnerability Date: 2011-09-05 Author: sherl0ck sherl0ck at alligatorteam dot org Software Link: http://downloads.wordpress.org/plugin/tweet-old-post.zip Version: 3.2.5 tested --------------- P...
WordPress <= 2.2.3 wp-admin/edit.php backup Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/27123/info WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the brows...
CVE-2014-4030
Cross-site request forgery (CSRF) vulnerability in the JW Player plugin before 2.1.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that remove players via a delete action to wp-admin/admin.php...