25 matches found
EUVD-2019-16843
Malware in sbrugna...
EUVD-2014-1160
Malware in sbrugna...
EUVD-2014-1159
Malware in sbrugna...
CVE-2014-10391
The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection...
WordPress wp-support-plus-responsive-ticket-system plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. wp-support-plus-responsive-ticket-system is a ticket system plugin used in it. A cross-site scripting vulnerability exists in WordPres...
CVE-2014-10388
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has full path disclosure...
Design/Logic Flaw
The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection...
Design/Logic Flaw
The wp-support-plus-responsive-ticket-system plugin before 7.1.0 for WordPress has insecure direct object reference via a ticket number...
Sql injection
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection...
CVE-2019-15331
The CVE-2019-15331 entry concerns the WordPress plugin wp-support-plus-responsive-ticket-system, affected in all versions prior to 9.1.2. Multiple connected sources confirm a vulnerability described as HTML injection / stored cross-site scripting (XSS) in this plugin. The vulnerability stems from...
CVE-2016-10930
The CVE-2016-10930 entry concerns the WordPress plugin WP Support Plus Responsive Ticket System. Affected component: the wp-support-plus-responsive-ticket-system plugin for WordPress. Root cause: insecure direct object reference via a ticket number in the plugin prior to version 7.1.0. Impact: po...
CVE-2014-10387
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection...
CVE-2014-10387
The CVE-2014-10387 incident concerns the WordPress plugin WP Support Plus Responsive Ticket System (affected: before version 4.2). The vulnerability is an SQL injection in the plugin, exposing potential disclosure/modification of data and impact to availability, as indicated by CVSS metrics (UP t...
CVE-2014-10388
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has full path disclosure...
CVE-2014-10388
CVE-2014-10388 affects the WordPress plugin wp-support-plus-responsive-ticket-system prior to version 4.2. Multiple connected sources (RH, NVD, CVE lists, WPVulnDB) consistently describe a full path disclosure vulnerability in this plugin, enabling disclosure of server file paths. Public details ...
CVE-2014-10391
The CVE-2014-10391 entry concerns the WordPress plugin WP Support Plus Responsive Ticket System, specifically versions prior to 4.1. The vulnerability is a JavaScript injection (XSS) flaw caused by insufficient validation of client-side data in the plugin. Impact is that an attacker could trigger...
Cross site scripting
A stored cross-site scripting XSS vulnerability in the submitticket.php module in the WP Support Plus Responsive Ticket System plugin 9.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the subject parameter in...
CVE-2019-7299
CVE-2019-7299 concerns a stored XSS in the WP Support Plus Responsive Ticket System WordPress plugin, specifically in submit_ticket.php (path: wp-content/plugins/wp-support-plus-responsive-ticket-system/includes/ajax/submit_ticket.php) for version 9.1.1. The vulnerability allows injection of arbi...
WP Support Plus Responsive Ticket System < 8.0.8 - Remote Code Execution (RCE)
WP Support Plus Responsive Ticket System = 8.0.7 allows anyone to upload PHP files with extensions like ".phtml", ".php4", ".php5", and so on, all of which are run as if their extension was ".php" on most hosting platforms. This is because "includes/admin/attachment/uploadAttachment.php" contains...
WP Support Plus Responsive Ticket System < 8.0.0 - Privilege Escalation
You can login as anyone without knowing password because of incorrect usage of wpsetauthcookie. PoC Username:...