46571 matches found

Patchstack, added 2014/09/07

WordPress Like Dislike Counter Plugin 1.2.3 - SQL Injection

This WordPress Like Dislike Counter plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise access to the application, or exploit hidden vulnerabilities in the underlying database. Solution: Upgrade the plugin...

AI score: 3.2 | Exploits: 0 | References: 1 | Affected software: 1

Patchstack, added 2014/08/19

WordPress Disqus Comment System Plugin <= 2.77 - Multiple CSRF

Because of these vulnerabilities, the attackers can hijack the authentication of administrators for requests that activate or deactivate the plugin via the "active" parameter to wp-admin/edit-comments.php. Solution: Update the plugin...

CVSS: 6.8 | AI score: 5.3 | EPSS: 0.0267 | Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2014/08/19

WordPress WP Content Source Control Plugin - Directory Traversal

This WP Content Source Control plugin is prone to a directory-traversal vulnerability via "download.php". It fails to sanitize user-supplied input. The flaw allows an attacker to obtain sensitive information that could aid in further attacks. Solution: Upgrade the plugin...

CVSS: 5 | AI score: 4.2 | EPSS: 0.18817 | Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2014/08/06

WordPress Quartz Plugin <= 1.01.1 - SQL Injection

Because of this vulnerability, remote authenticated users can execute arbitrary SQL commands in an edit action in the quartz/quoteform.php page to wp-admin/edit.php via the "quote" parameter. Solution: Update the plugin...

CVSS: 6 | AI score: 6.6 | EPSS: 0.01943 | Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2014/08/06

WordPress StripShow Plugin <= 2.5.2 - SQL Injection

Because of this vulnerability in the stripshow-storylines page, remote authenticated administrators can execute arbitrary SQL commands in an edit action to wp-admin/admin.php via the "story" parameter. Solution: Update the plugin...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.01585 | Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2014/08/01

WordPress Skeptical Theme - Remote Code Execution

There is a bug in this theme that allows any website visitor to run and see the output of any shortcode. This gives unauthenticated visitors the same power to execute code on the server as regular publishers have. Solution: Update the theme...

AI score: 5.8 | Exploits: 0 | References: 1 | Affected software: 1

Patchstack, added 2014/08/01

WordPress Nuance Theme - Shell Upload Exploit

WordPress Nuance theme is prone to a shell upload exploit via the valums uploader. Solution: Update the theme...

AI score: 2.7 | Exploits: 0 | References: 1 | Affected software: 1

Patchstack, added 2014/08/01

WordPress Delicious Magazine Theme - Remote Code Execution

There is a bug in this theme that allows any website visitor to run and see the output of any shortcode. This gives unauthenticated visitors the same power to execute code on the server as regular publishers have. Solution: Update the theme...

AI score: 5.7 | Exploits: 0 | References: 1 | Affected software: 1

Patchstack, added 2014/07/28

WordPress WhyDoWork AdSense Plugin - Multiple Vulnerabilities

WhyDoWork AdSense plugin is prone to a cross-site scripting vulnerability and a cross-site request-forgery vulnerability. These vulnerabilities allow an attacker to execute arbitrary script code in the browser and to steal cookie-based authentication credentials. Solution: Update the plugin...

CVSS: 6.8 | AI score: 3.6 | EPSS: 0.02693 | Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2014/07/10

WordPress BannerMan Plugin <= 0.2.4 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "bannermanbackground" parameter to wp-admin/options-general.php. Solution: Update the plugin...

CVSS: 4.3 | AI score: 3 | EPSS: 0.01618 | Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2014/07/10

WordPress WP Construction Mode Plugin <= 1.8 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "wuclogo" parameter in a save action to wp-admin/admin.php. Solution: Update the plugin...

CVSS: 4.3 | AI score: 3.2 | EPSS: 0.01618 | Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2014/06/23

WordPress WebEngage Plugin <= 2.0.0 - XSS

Because of this vulnerability in resize.php, the attackers can inject arbitrary web script or HTML via the "height" parameter, or via renderer.php or callback.php. Solution: Update the plugin...

CVSS: 4.3 | AI score: 2.7 | EPSS: 0.02046 | Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2014/06/23

WordPress Amazon Affiliate Shop Plugin <= 0.9.6 - Local File Inclusion

This vulnerability is in reviews.php. It allows the attackers to read arbitrary files via a full pathname in the "url" parameter. Solution: Update the plugin...

CVSS: 5 | AI score: 5 | EPSS: 0.03749 | Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2014/06/23

WordPress Facebook Promotion Plugin <= 1.3.4 - Multiple XSS

Because of these vulnerabilities in admin/swarm-settings.php, the attackers can inject arbitrary web script or HTML. Solution: Update the plugin...

CVSS: 4.3 | AI score: 3.1 | EPSS: 0.01629 | Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2014/06/23

WordPress Swipe Checkout for Jigoshop Plugin <= 3.1.0 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "apiurl" parameter. Solution: Update the plugin...

CVSS: 4.3 | AI score: 2.4 | EPSS: 0.01629 | Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2014/06/23

WordPress Wikipop Plugin <= 2.0 - XSS

Because of this vulnerability in js/window.php, the attackers can inject arbitrary web script or HTML via the "s" parameter. Solution: Update the plugin...

CVSS: 4.3 | AI score: 2.7 | EPSS: 0.01629 | Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2014/06/23

WordPress GEO Redirect Plugin <= 1.0.1 - XSS

Because of this vulnerability in ajaxfunctions.php, the attackers can inject arbitrary web script or HTML via the "hidid" parameter. Solution: Update the plugin...

CVSS: 4.3 | AI score: 2.9 | EPSS: 0.01629 | Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2014/06/23

WordPress URL Cloak & Encrypt Plugin <= 2.0 - XSS

Because of this vulnerability in go.php, the attackers can inject arbitrary web script or HTML via the "url" parameter. Solution: Update the plugin...

CVSS: 4.3 | AI score: 2.8 | EPSS: 0.01629 | Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2014/06/23

WordPress Oleggo LiveStream Plugin <= 0.2.6 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Solution: Update the plugin...

CVSS: 4.3 | AI score: 2.1 | EPSS: 0.01629 | Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2014/06/23

WordPress Validated Plugin <= 1.0.2 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "slug" parameter. Solution: Update the plugin...

CVSS: 4.3 | AI score: 2.9 | EPSS: 0.01629 | Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2014/05/23

WordPress Member Approval Plugin <= 131109 - CSRF

A cross-site request forgery (CSRF) vulnerability in the Member Approval plugin 131109 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings to their default and disable registration approval via a request to...

CVSS: 6.8 | AI score: 5.7 | EPSS: 0.01024 | Exploits: 2 | References: 1 | Affected software: 1

Patchstack, added 2014/04/10

WordPress GD Star Rating Plugin <= 19.22 - Multiple CSRF

Because of these vulnerabilities, the attackers can hijack the authentication of administrators for requests that conduct SQL injection attacks or cross-site scripting (XSS) attacks. Solution: Update the plugin...

CVSS: 6.8 | AI score: 3.2 | EPSS: 0.01014 | Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2014/03/31

WordPress Ajax Pagination Plugin 1.1 - Local File Inclusion

Ajax Pagination plugin is prone to a file inclusion vulnerability. It is exploitable by an unauthenticated user, who can include any local file ending in ".php" which is accessible to the web user. Solution: Upgrade the plugin...

CVSS: 7.5 | AI score: 2.5 | EPSS: 0.15675 | Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2014/01/20

WordPress <= 3.3.2 - Multiple Vulnerabilities

Because of these vulnerabilities, the attackers can obtain sensitive information or bypass intended media-attachment restrictions via a "postid" value. Solution: Update the plugin...

CVSS: 6.4 | AI score: 4.8 | EPSS: 0.02497 | Exploits: 0 | References: 1 | Affected software: 1

Patchstack, added 2013/11/01

WordPress Think Responsive Themes 1.0 - Arbitrary File Upload

WordPress Think Responsive themes are prone to an arbitrary file upload vulnerability. It allows an attacker to upload arbitrary files to the affected computer. Solution: Upgrade the theme...

AI score: 3.5 | Exploits: 0 | References: 1 | Affected software: 1

Patchstack, added 2013/10/25

WordPress Social Sharing Toolkit Plugin <= 2.1.1 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via unspecified vectors. Solution: Update the plugin...

CVSS: 4.3 | AI score: 2.9 | EPSS: 0.01602 | Exploits: 0 | References: 1 | Affected software: 1

Patchstack, added 2013/10/25

WordPress Spreadsheet Plugin <= 2.0 - Cross Site Scripting

Because of this vulnerability in codebase/spreadsheet.php, the attackers can inject arbitrary web script or HTML via the "page" parameter. Solution: Update the plugin...

CVSS: 4.3 | AI score: 2.6 | EPSS: 0.0522 | Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2013/07/13

WordPress Spicy Blogroll Plugin - File Inclusion

WordPress Spicy Blogroll plugin is prone to a file inclusion vulnerability. Solution: Update the plugin...

AI score: 2.4 | Exploits: 0 | References: 1 | Affected software: 1

Patchstack, added 2013/05/21

WordPress ProPlayer Plugin 4.7.9.1 - SQL Injection

This WordPress ProPlayer plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise access to the application, or exploit hidden vulnerabilities in the underlying database. Solution: Update the plugin...

AI score: 3.7 | Exploits: 0 | References: 1 | Affected software: 1

Patchstack, added 2013/05/07

WordPress Related Posts Plugin <= 1.3.1 - CSRF

Because of this vulnerability, the attackers can hijack the authentication of unspecified users for requests that change settings via unknown vectors. Solution: Update the plugin...

CVSS: 6.8 | AI score: 5.5 | EPSS: 0.0107 | Exploits: 0 | References: 1 | Affected software: 1

Patchstack, added 2013/03/26

WordPress Calendar Plugin <= 1.3.2 - CSRF

Because of this vulnerability, the attackers can hijack the authentication of users for requests that add a calendar entry via unspecified vectors. Solution: Update the plugin...

CVSS: 6.8 | AI score: 5.1 | EPSS: 0.0107 | Exploits: 0 | References: 1 | Affected software: 1

Patchstack, added 2013/02/18

WordPress Marekkis Watermark Plugin <= 0.9.2 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "pfad" parameter to wp-admin/options-general.php. Solution: Update the plugin...

CVSS: 4.3 | AI score: 3 | EPSS: 0.02053 | Exploits: 2 | References: 1 | Affected software: 1

Patchstack, added 2012/10/08

WordPress Shortcode Redirect Plugin <= 1.0.01 - Multiple XSS

Because of these vulnerabilities, authenticated users with certain permissions can inject arbitrary web script or HTML. Solution: Update the plugin...

CVSS: 2.1 | AI score: 1.1 | EPSS: 0.0158 | Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2012/08/21

WordPress <= 3.4.2 - CSRF

Because of this vulnerability in wp-admin/index.php, the attackers can hijack the authentication of administrators for requests. Solution: Update WordPress...

CVSS: 6.8 | AI score: 4.4 | EPSS: 0.01146 | Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2012/08/14

WordPress Image News Slider Plugin <= 3.2 - Unspecified vulnerability

Because of this vulnerability, this plugin has unspecified impact and remote attack vectors. Solution: Update the plugin...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.02279 | Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2012/08/08

WordPress ThreeWP Email Reflector Plugin - Stored XSS

ThreeWP Email Reflector plugin is prone to a stored XSS vulnerability. It fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal cookie-based authentication...

CVSS: 4.3 | AI score: 2.7 | EPSS: 0.041 | Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2012/08/05

WordPress Effective Lead Management plugin <= 3.0.0 - Persistent Cross-Site Scripting (XSS) vulnerability

Effective Lead Management plugin is prone to a persistent XSS vulnerability. If JavaScript is included in the name or in the "requirements" field, the payload fires when the admin views the lead management page. Solution: Deactivate and delete. This plugin has been closed and is no longe...

AI score: 2.2 | Exploits: 0 | References: 1 | Affected software: 1

Patchstack, added 2012/06/08

WordPress Newsletter Plugin 1.5 - Remote File Disclosure

WordPress Newsletter plugin is prone to a remote file disclosure vulnerability. It allows an attacker to compromise encrypted login credentials or retrieve the device's administrator password, allowing them to directly access the device's configuration control panel. Solution: Update the plugin...

CVSS: 5 | AI score: 3.9 | EPSS: 0.10703 | Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2012/06/08

WordPress Simple Download Button Shortcode Plugin 1.0 - Remote File Disclosure

WordPress Simple Download Button Shortcode plugin is prone to a remote file disclosure vulnerability. It allows an attacker to compromise encrypted login credentials or retrieve the device's administrator password, allowing them to directly access the device's configuration control panel...

AI score: 3.2 | Exploits: 0 | References: 1 | Affected software: 1

Patchstack, added 2012/06/07

WordPress FCChat Widget Plugin 2.2.x - Arbitrary File Upload

FCChat Widget plugin's "Upload.php" is prone to an arbitrary file upload vulnerability. Access to this script is not properly restricted. In that way an attacker can upload files containing malicious PHP code and run them in the context of the web server process. Other attacks are also...

CVSS: 6.8 | AI score: 1.9 | EPSS: 0.07694 | Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2012/06/06

WordPress Font Uploader Plugin 1.2.4 - Arbitrary File Upload

Font Uploader plugin is prone to an arbitrary file upload vulnerability. Access to the upload script is not properly restricted. In that way an attacker can upload files containing malicious PHP code and run them in the context of the web server process. Other attacks are also possible...

CVSS: 7.5 | AI score: 1.9 | EPSS: 0.10336 | Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2012/06/06

WordPress MM Forms Community Plugin 2.2.6 - Arbitrary File Upload

MM Forms Community plugin is prone to an arbitrary file upload vulnerability. Access to the upload script is not properly restricted. In that way an attacker can upload files containing malicious PHP code and run them in the context of the web server process. Other attacks are also possible...

CVSS: 7.5 | AI score: 2 | EPSS: 0.11748 | Exploits: 2 | References: 1 | Affected software: 1

Patchstack, added 2012/05/21

WordPress SABRE Plugin <= 2.0 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "activeoption" parameter to wp-admin/tools.php. Solution: Update the plugin...

CVSS: 4.3 | AI score: 2.8 | EPSS: 0.02046 | Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2011/11/30

WordPress WP-PostRatings plugin <= 1.61 - SQL Injection (SQLi) vulnerability

Because of this vulnerability in wp-postratings.php, authenticated users can execute arbitrary SQL commands via the id attribute of the rating shortcode when creating a post. Solution: Update the plugin to the latest available version, at least 1.62...

CVSS: 6 | AI score: 6.1 | EPSS: 0.01631 | Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2011/11/21

WordPress Advanced Text Widget Plugin 2.0 - Cross Site Scripting

WordPress Advanced Text Widget plugin's "page" parameter is prone to a cross-site scripting vulnerability. It fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can...

CVSS: 4.3 | AI score: 2 | EPSS: 0.10083 | Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2011/09/23

WordPress <= 3.0.4 - Information Disclosure Vulnerability

Because of this vulnerability, the attackers can obtain sensitive information via a direct request. Solution: Update WordPress...

CVSS: 5 | AI score: 3.5 | EPSS: 0.02269 | Exploits: 0 | References: 1 | Affected software: 1

Patchstack, added 2011/08/05

WordPress ProPlayer Plugin <= 4.7.7 - SQL Injection

This WordPress ProPlayer plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise access to the application, or exploit hidden vulnerabilities in the underlying database. Solution: Upgrade the plugin...

AI score: 3.5 | Exploits: 0 | References: 1 | Affected software: 1

Patchstack, added 2011/03/08

WordPress GRAND Flash Album Gallery Plugin 0.55 - Multiple Vulnerabilities

There are several vulnerabilities in this WordPress GRAND Flash Album Gallery plugin. The first vulnerability is an SQL injection that exists because the "/wp-content/plugins/flash-album-gallery/lib/hitcounter.php" script fails to properly sanitize user-supplied input in the "pid" variable. It allow...

AI score: 2 | Exploits: 0 | References: 1 | Affected software: 1

Patchstack, added 2011/02/23

WordPress IGIT Posts Slider Widget Plugin 1.0 - Cross-Site Scripting

IGIT Posts Slider Widget plugin's "src" parameter is prone to a cross-site scripting vulnerability. It fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal...

AI score: 2.3 | Exploits: 0 | References: 1 | Affected software: 1

Patchstack, added 2011/02/17

WordPress User Photo Component - Remote File Upload

A remote file upload vulnerability was found in this plugin. When a photo is uploaded, it is validated only partially. It is possible to upload a backdoor to the server hosting WordPress, and it can be executed even if the photo has not yet been approved. Also, there is a...

CVSS: 8.8 | AI score: 1.7 | EPSS: 0.1214 | Exploits: 1 | References: 1 | Affected software: 1

Total number of security vulnerabilities: 5000