Lucene search
K

137 matches found

Cvelist
Cvelist
added 2018/10/08 10:0 p.m.31 views

CVE-2018-18069

processforms in the WPML aka sitepress-multilingual-cms plugin through 3.6.3 for WordPress has XSS via any localefilename parameter such as localefilenameen in an authenticated theme-localization.php request to wp-admin/admin.php...

6AI score0.13207EPSS
Exploits2References1
CVE
CVE
added 2018/10/08 10:0 p.m.91 views

CVE-2018-18069

The CVE-2018-18069 entry concerns the WordPress plugin sitepress-multilingual-cms (WPML) up to version 3.6.3. A Cross-Site Scripting (XSS) flaw exists in the process_forms function via any locale_file_name_ parameter (e.g., locale_file_name_en) when making an authenticated request to wp-admin/adm...

6.1CVSS5.9AI score0.13207EPSS
Exploits2References1Affected Software1
wpexploit
wpexploit
added 2018/10/08 12:0 a.m.61 views

WPML <= 3.6.3 - Unauthenticated Stored Cross-Site Scripting (XSS)

The sitepress-multilingual-cms WordPress plugin was affected by an Unauthenticated Stored Cross-Site Scripting XSS security vulnerability. POST /wp-admin/admin.php?page=sitepress-multilingual-cms-3.6.3%2Fmenu%2Ftheme-localization.php HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 Windows NT 6.1...

4.3CVSS0.6AI score0.13207EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2018/10/08 12:0 a.m.23 views

WPML <= 3.6.3 - Unauthenticated Stored Cross-Site Scripting (XSS)

The sitepress-multilingual-cms WordPress plugin was affected by an Unauthenticated Stored Cross-Site Scripting XSS security vulnerability. PoC POST /wp-admin/admin.php?page=sitepress-multilingual-cms-3.6.3%2Fmenu%2Ftheme-localization.php HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 Windows NT...

4.3CVSS0.5AI score0.13207EPSS
Exploits2References1Affected Software1
seebug.org
seebug.org
added 2016/03/28 12:0 a.m.23 views

WordPress WPML reminder_popup 跨站脚本漏洞

No description provided by source...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2016/03/22 11:54 p.m.25 views

Uber: SQLi in love.uber.com

@iad found an SQL Injection vulnerability in one of our Wordpress blog's plugins the website being love.uber.com. This blog was hosted at WPEngine and did not contain any of our user's information. However due to our previously vague bug bounty rules we decided to reward the maximum of 3,000$ sin...

8.5AI score
Exploits0
Hacker One
Hacker One
added 2016/02/18 3:27 a.m.101 views

Uber: Multiple Vulnerabilities (Including SQLi) in love.uber.com

Hi, I noticed you are using a critically vulnerable version of WMPL. By accessing http://love.uber.com/wp-content/plugins/sitepress-multilingual-cms/changelog.md, Attacker could find out http://love.uber.com/ is running WMPL version 3.1.8.4 Which is Vulnerable to, 1. SQL injection which gives ful...

6.4CVSS7.3AI score0.13386EPSS
Exploits1
Check Point Advisories
Check Point Advisories
added 2016/01/26 12:0 a.m.24 views

WordPress WPML Plugin SQL Injection (CVE-2015-2314)

An SQL injection vulnerability exists in the WPML plugin for WordPress, allowing remote attackers to execute arbitrary SQL commands...

7.5CVSS7.2AI score0.07069EPSS
Exploits1
Patchstack
Patchstack
added 2015/09/02 12:0 a.m.7 views

WordPress WPML Plugin <= 3.2.6 - Cross Site Scripting

This plugin is prone to a cross site scripting vulnerability in accept-language header. Solution Update the plugin...

1.2AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/09/02 12:0 a.m.30 views

WPML 2.9.3-3.2.6 - Cross-Site Scripting (XSS) in Accept-Language Header

The sitepress-multilingual-cms WordPress plugin was affected by a Cross-Site Scripting XSS in Accept-Language Header security vulnerability...

4.3CVSS0.7AI score0.0102EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2015/03/30 2:59 p.m.28 views

CVE-2015-2792

The WPML plugin before 3.1.9 for WordPress does not properly handle multiple actions in a request, which allows remote attackers to bypass nonce checks and perform arbitrary actions via a request containing an action POST parameter, an action GET parameter, and a valid nonce for the action GET...

7.5CVSS6.9AI score0.038EPSS
Exploits1References4
NVD
NVD
added 2015/03/30 2:59 p.m.17 views

CVE-2015-2791

The "menu sync" function in the WPML plugin before 3.1.9 for WordPress allows remote attackers to delete arbitrary posts, pages, and menus via a crafted request to sitepress-multilingual-cms/menu/menus-sync.php...

6.4CVSS6.7AI score0.13386EPSS
Exploits1References5
Prion
Prion
added 2015/03/30 2:59 p.m.31 views

Design/Logic Flaw

The WPML plugin before 3.1.9 for WordPress does not properly handle multiple actions in a request, which allows remote attackers to bypass nonce checks and perform arbitrary actions via a request containing an action POST parameter, an action GET parameter, and a valid nonce for the action GET...

7.5CVSS7.4AI score0.038EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2015/03/30 2:59 p.m.22 views

Design/Logic Flaw

The "menu sync" function in the WPML plugin before 3.1.9 for WordPress allows remote attackers to delete arbitrary posts, pages, and menus via a crafted request to sitepress-multilingual-cms/menu/menus-sync.php...

6.4CVSS7.3AI score0.13386EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2015/03/30 2:0 p.m.59 views

CVE-2015-2792

The CVE-2015-2792 entry concerns the WordPress WPML plugin prior to 3.1.9. It describes a vulnerability where the plugin does not properly handle multiple actions in a single request, allowing an attacker to bypass nonce checks and perform arbitrary actions by including an action parameter in bot...

7.5CVSS7.1AI score0.038EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2015/03/30 2:0 p.m.26 views

CVE-2015-2791

The "menu sync" function in the WPML plugin before 3.1.9 for WordPress allows remote attackers to delete arbitrary posts, pages, and menus via a crafted request to sitepress-multilingual-cms/menu/menus-sync.php...

6.7AI score0.13386EPSS
Exploits1References5
Cvelist
Cvelist
added 2015/03/30 2:0 p.m.28 views

CVE-2015-2792

The WPML plugin before 3.1.9 for WordPress does not properly handle multiple actions in a request, which allows remote attackers to bypass nonce checks and perform arbitrary actions via a request containing an action POST parameter, an action GET parameter, and a valid nonce for the action GET...

6.9AI score0.038EPSS
Exploits1References4
CVE
CVE
added 2015/03/30 2:0 p.m.61 views

CVE-2015-2791

CVE-2015-2791 affects the WordPress WPML plugin prior to 3.1.9. The vulnerability is in the plugin’s menu sync function and allows remote attackers to delete arbitrary posts, pages, and menus via a crafted request to sitepress-multilingual-cms/menu/menus-sync.php. The evidence base also notes bro...

6.4CVSS6.9AI score0.13386EPSS
Exploits1References5Affected Software1
Patchstack
Patchstack
added 2015/03/30 12:0 a.m.19 views

WordPress WPML Plugin <= 3.1.8 - SQL Injection #1

Because of the "menu sync" function, remote attackers can delete arbitrary posts, pages, and menus via a crafted request to sitepress-multilingual-cms/menu/menus-sync.php. Related records:...

6.4CVSS3.9AI score0.13386EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2015/03/19 12:0 a.m.6 views

WordPress WPML plugin SQL injection vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.WPML is one of the multi-language plug-ins. A SQL injection vulnerability exists in versions of the WordPress WPML...

7.5CVSS8.4AI score0.07069EPSS
Exploits1References1
Rows per page
Query Builder