PT-2024-17972 · WordPress · Colibri Wp
Name of the Vulnerable Software and Affected Versions: Colibri WP theme for WordPress versions up to, and including, 1.0.94
Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the colibriwp install plugin function. This allows...
WordPress Cross-Site Scripting Vulnerability (CNVD-2017-00615)
WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the theme-name fallback feature of the...
CVE-2017-5490
Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related to...
FPD, XSS and CS vulnerabilities in Slash WP theme for WordPress
Hello 3APA3A! I want to warn you about multiple vulnerabilities in the Slash WP theme for WordPress. This is a commercial theme for WP. These are Full path disclosure, Cross-Site Scripting and Content Spoofing vulnerabilities. ------------------------- Affected products: -------------------------...
WordPress Slash Theme XSS / Spoofing / Disclosure Vulnerabilities
The Slash theme for WordPress suffers from cross site scripting, content spoofing, and path disclosure vulnerabilities. Hello list! I want to warn you about multiple vulnerabilities in the Slash WP theme for WordPress. This is a commercial theme for WP. These are Full path disclosure, Cross-Site...
WordPress Slash Theme XSS / Spoofing / Disclosure
Hello list! I want to warn you about multiple vulnerabilities in the Slash WP theme for WordPress. This is a commercial theme for WP. These are Full path disclosure, Cross-Site Scripting and Content Spoofing vulnerabilities. ------------------------- Affected products: -------------------------...
Multiple vulnerabilities in Chocolate WP theme for WordPress
Hello 3APA3A! I want to warn you about multiple vulnerabilities in the Chocolate WP theme for WordPress. This is a commercial theme for WP. These are Cross-Site Scripting, Full path disclosure, Abuse of Functionality, Denial of Service and Arbitrary File Upload vulnerabilities. In 2011 I wrote about...
WordPress Chocolate WP Theme Multiple vulnerabilities
These are Cross-Site Scripting, Full path disclosure, Abuse of Functionality, Denial of Service and Arbitrary File Upload vulnerabilities. Hello list! I want to warn you about multiple vulnerabilities in the Chocolate WP theme for WordPress. This is a commercial theme for WP. These are Cross-Site...
WordPress Chocolate Theme XSS / Denial Of Service / Shell Upload
Hello list! I want to warn you about multiple vulnerabilities in the Chocolate WP theme for WordPress. This is a commercial theme for WP. These are Cross-Site Scripting, Full path disclosure, Abuse of Functionality, Denial of Service and Arbitrary File Upload vulnerabilities. In 2011 I wrote about...
CVE-2011-3860
Cross-site scripting (XSS) vulnerability in the Cover WP theme before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Cover WP theme before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter...
CVE-2011-3860
The CVE-2011-3860 entry describes a cross-site scripting (XSS) vulnerability in the WordPress Cover WP theme prior to version 1.6.6. The issue affects the theme’s s parameter, allowing remote attackers to inject arbitrary scripts or HTML. Root cause is improper handling/cleanup of user input in t...
WordPress Cover WP Theme 1.6.5 - Cross Site Scripting
WordPress Cover WP theme's "s" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal cookie-base...