Lucene search

4 matches found

RedhatCVE
added 2025/05/22 4:24 a.m., 6 views

CVE-2012-2109

SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 of WordPress allows remote attackers to execute arbitrary SQL commands via the page parameter in an activity_widget_filter action...

7.5 CVSS, 8.8 AI score, 0.02379 EPSS
Exploits 1, References 1
CNVD
added 2015/12/01 12:0 a.m., 3 views

Gwolle Guestbook WordPress Plugin Remote File Inclusion Vulnerability

Gwolle Guestbook WordPress is a visiting message board plugin for WordPress sites. Gwolle Guestbook WordPress 1.5.3 and earlier versions do not effectively filter the value of the "abspath" HTTP GET parameter, used in the PHP require function, which allows remote attackers to include a file named...

9 CVSS, 6.9 AI score, 0.69448 EPSS
Exploits 4, References 1
seebug.org
added 2014/07/01 12:0 a.m., 22 views

Wordpress Mini Mail Dashboard Widget Plugin 1.36 Remote File Inclusion

No description provided by source. Exploit Title: Mini Mail Dashboard Widget Wordpress plugin RFI Google Dork: inurl:wp-content/plugins/mini-mail-dashboard-widget Date: 09/19/2011 Author: Ben Schmidt supernothing AT spareclockcycles.org @supernothing Software Link:...

7.1 AI score
Exploits 0
CVE
added 2012/09/04 8:0 p.m., 40 views

CVE-2012-2109

The CVE-2012-2109 entry relates to a SQL injection in the BuddyPress WordPress plugin (1.5.x before 1.5.5) triggered via the page parameter in an activity_widget_filter action. Affected component is BuddyPress plugin for WordPress; root cause is unsafely constructed SQL from user-controllable inp...

7.5 CVSS, 8.7 AI score, 0.02379 EPSS
Exploits 1, References 6, Affected Software 1