WordPress Like Dislike Counter Plugin 1.2.3 - SQL Injection
The Like Dislike Counter plugin is prone to an SQL injection vulnerability. It allows an attacker to modify data, bypass the application's access controls, or exploit latent vulnerabilities in the underlying database. Solution Upgrade the plugin...
WordPress Disqus Comment System Plugin <= 2.77 - Multiple CSRF
These vulnerabilities allow attackers to hijack the authentication of administrators for requests that activate or deactivate the plugin via the "active" parameter to wp-admin/edit-comments.php. Solution Update the plugin...
WordPress WP Content Source Control Plugin - Directory Traversal
The WP Content Source Control plugin is prone to a directory-traversal vulnerability in "download.php" because it fails to sanitize user-supplied input. An attacker can exploit this to retrieve files outside the intended directory and obtain sensitive information that could aid in further attacks. Solution Upgrade the plugin...
WordPress Quartz Plugin <= 1.01.1 - SQL Injection
This vulnerability allows remote authenticated users to execute arbitrary SQL commands via the "quote" parameter in an edit action on the quartz/quoteform.php page, reached through wp-admin/edit.php. Solution Update the plugin...
WordPress StripShow Plugin <= 2.5.2 - SQL Injection
This vulnerability in the stripshow-storylines page allows remote authenticated administrators to execute arbitrary SQL commands via the "story" parameter in an edit action to wp-admin/admin.php. Solution Update the plugin...
WordPress Skeptical Theme - Remote Code Execution
A bug in this theme allows any website visitor to run any shortcode and see its output. This gives unauthenticated visitors the same ability to execute code on the server that regular publishers have. Solution Update the theme...
WordPress Nuance Theme - Shell Upload Exploit
The Nuance theme is prone to an arbitrary shell upload vulnerability via the valums uploader it ships with. Solution Update the theme...
WordPress Delicious Magazine Theme - Remote Code Execution
A bug in this theme allows any website visitor to run any shortcode and see its output. This gives unauthenticated visitors the same ability to execute code on the server that regular publishers have. Solution Update the theme...
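The Skeptical and Delicious Magazine entries describe the same pattern: a theme endpoint that runs do_shortcode() on text chosen by the visitor, so whatever shortcodes the installed plugins register (including ones that evaluate code) become reachable without logging in. The following is an added example, not code from either theme; the hook names, the shortcode allowlist and the request parameters are hypothetical. It shows the exposed form beside a handler restricted to authenticated users with a nonce, a capability check and an allowlisted tag rebuilt from validated attributes.

```php
<?php
/**
 * Added example (hypothetical code, not from the Skeptical or Delicious
 * Magazine themes): an AJAX endpoint that renders a shortcode chosen by the
 * caller, in its vulnerable form and a hardened form.
 */

// --- VULNERABLE PATTERN ---------------------------------------------------
// Registering on wp_ajax_nopriv_ exposes the handler to logged-out visitors,
// and do_shortcode() then runs on attacker-supplied text.
add_action( 'wp_ajax_theme_render_shortcode',        'vuln_theme_render_shortcode' );
add_action( 'wp_ajax_nopriv_theme_render_shortcode', 'vuln_theme_render_shortcode' );

function vuln_theme_render_shortcode() {
    // Every shortcode registered by any active plugin is callable here with
    // the web server's privileges, including code-evaluating ones if present.
    echo do_shortcode( wp_unslash( $_POST['shortcode'] ) );
    wp_die();
}

// --- HARDENED PATTERN -----------------------------------------------------
// No wp_ajax_nopriv_ registration: unauthenticated visitors cannot reach it.
add_action( 'wp_ajax_theme_render_shortcode_safe', 'safe_theme_render_shortcode' );

function safe_theme_render_shortcode() {
    // Rejects the request unless a valid nonce for this action is present.
    check_ajax_referer( 'theme_render_shortcode', 'nonce' );

    // Only users who may already publish shortcodes get to render them.
    if ( ! current_user_can( 'publish_posts' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    $allowed = array( 'gallery', 'caption' ); // hypothetical allowlist
    $tag = isset( $_POST['tag'] ) ? sanitize_key( wp_unslash( $_POST['tag'] ) ) : '';
    if ( ! in_array( $tag, $allowed, true ) || ! shortcode_exists( $tag ) ) {
        wp_send_json_error( 'unknown shortcode', 400 );
    }

    // Attributes are validated individually; the caller never supplies raw
    // shortcode text, so no other tag or attribute can be smuggled in.
    $ids = isset( $_POST['ids'] ) ? array_map( 'absint', (array) $_POST['ids'] ) : array();
    $html = do_shortcode( sprintf( '[%s ids="%s"]', $tag, implode( ',', $ids ) ) );

    wp_send_json_success( array( 'html' => $html ) );
}
```

The essential change is not the allowlist but the audience: shortcode rendering must be gated by the same capability that lets a user put the shortcode in a post, otherwise the endpoint is a privilege escalation for every plugin shortcode on the site.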
WordPress WhyDoWork AdSense Plugin - Multiple Vulnerabilities
The WhyDoWork AdSense plugin is prone to a cross-site scripting vulnerability and a cross-site request forgery vulnerability. These allow an attacker to execute arbitrary script code in a user's browser and steal cookie-based authentication credentials. Solution Update the plugin...
WordPress BannerMan Plugin <= 0.2.4 - XSS
This vulnerability allows attackers to inject arbitrary web script or HTML via the "bannermanbackground" parameter to wp-admin/options-general.php. Solution Update the plugin...
WordPress WP Construction Mode Plugin <= 1.8 - XSS
This vulnerability allows attackers to inject arbitrary web script or HTML via the "wuclogo" parameter in a save action to wp-admin/admin.php. Solution Update the plugin...
WordPress WebEngage Plugin <= 2.0.0 - XSS
This vulnerability allows attackers to inject arbitrary web script or HTML via the "height" parameter to resize.php; renderer.php and callback.php are affected as well. Solution Update the plugin...
WordPress Amazon Affiliate Shop Plugin <= 0.9.6 - Local File Inclusion
This vulnerability in reviews.php allows attackers to read arbitrary files by supplying a full pathname in the "url" parameter. Solution Update the plugin...
WordPress Facebook Promotion Plugin <= 1.3.4 - Multiple XSS
These vulnerabilities in admin/swarm-settings.php allow attackers to inject arbitrary web script or HTML. Solution Update the plugin...
WordPress Swipe Checkout for Jigoshop Plugin <= 3.1.0 - XSS
This vulnerability allows attackers to inject arbitrary web script or HTML via the "apiurl" parameter. Solution Update the plugin...
WordPress Wikipop Plugin <= 2.0 - XSS
This vulnerability in js/window.php allows attackers to inject arbitrary web script or HTML via the "s" parameter. Solution Update the plugin...
WordPress GEO Redirect Plugin <= 1.0.1 - XSS
This vulnerability in ajaxfunctions.php allows attackers to inject arbitrary web script or HTML via the "hidid" parameter. Solution Update the plugin...
WordPress URL Cloak & Encrypt Plugin <= 2.0 - XSS
This vulnerability in go.php allows attackers to inject arbitrary web script or HTML via the "url" parameter. Solution Update the plugin...
WordPress Oleggo LiveStream Plugin <= 0.2.6 - XSS
This vulnerability allows attackers to inject arbitrary web script or HTML. Solution Update the plugin...
WordPress Validated Plugin <= 1.0.2 - XSS
This vulnerability allows attackers to inject arbitrary web script or HTML via the "slug" parameter. Solution Update the plugin...
WordPress Member Approval Plugin <= 131109 - CSRF
A cross-site request forgery (CSRF) vulnerability in the Member Approval plugin 131109 for WordPress allows remote attackers to hijack the authentication of administrators for requests that reset plugin settings to their defaults and disable registration approval via a request to...
WordPress GD Star Rating Plugin <= 19.22 - Multiple CSRF
These vulnerabilities allow attackers to hijack the authentication of administrators for requests that conduct SQL injection or cross-site scripting (XSS) attacks. Solution Update the plugin...
WordPress Ajax Pagination Plugin 1.1 - Local File Inclusion
The Ajax Pagination plugin is prone to a local file inclusion vulnerability. An unauthenticated user can include any local file ending in ".php" that is readable by the web server user. Solution Upgrade the plugin...
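The Amazon Affiliate Shop and Ajax Pagination entries are the two common shapes of local file inclusion: a full pathname taken straight from the request, and a request value with ".php" appended, which only narrows the target set to PHP files and still follows "../" sequences. The following is an added example, not code from either plugin; the parameter names, the template map and the directory layout are hypothetical. It shows both exposed forms beside a loader that maps an opaque key to a fixed file and verifies the canonical path before including it.

```php
<?php
/**
 * Added example (hypothetical, not the Amazon Affiliate Shop or Ajax
 * Pagination plugin code): including a file named by the request.
 */

// --- VULNERABLE: full pathname accepted -----------------------------------
// include() follows whatever path the client sends, e.g. the site's
// configuration file or any other file the web server user can read.
function vuln_include_full_path() {
    include $_GET['url'];
}

// --- VULNERABLE: ".php" appended ------------------------------------------
// The suffix does not help: "../" sequences still reach any readable .php
// file on the host, and a PHP file the attacker managed to drop anywhere
// (an upload directory, /tmp) gets executed.
function vuln_include_php_suffix() {
    include $_GET['page'] . '.php';
}

// --- HARDENED ---------------------------------------------------------------
// True only if $candidate resolves to $base itself or something beneath it.
// realpath() collapses "..", symlinks and encoding tricks before comparison.
function path_is_within( $base, $candidate ) {
    $base = realpath( $base );
    $real = realpath( $candidate );
    return false !== $base && false !== $real
        && ( $real === $base || 0 === strpos( $real, $base . DIRECTORY_SEPARATOR ) );
}

function safe_include_template() {
    $templates = array(               // hypothetical allowlist of opaque keys
        'list'   => 'templates/list.php',
        'single' => 'templates/single.php',
    );

    // sanitize_key() reduces the value to [a-z0-9_-]; anything else is unknown.
    $key = isset( $_GET['page'] ) ? sanitize_key( wp_unslash( $_GET['page'] ) ) : 'list';
    if ( ! isset( $templates[ $key ] ) ) {
        wp_die( 'Unknown page', 'Not found', array( 'response' => 404 ) );
    }

    $dir  = plugin_dir_path( __FILE__ );           // trailing slash included
    $path = $dir . $templates[ $key ];

    // Defence in depth: even with an allowlist, confirm the resolved path is
    // inside the plugin's template directory before passing it to include().
    if ( ! path_is_within( $dir . 'templates', $path ) ) {
        wp_die( 'Invalid template path', 'Forbidden', array( 'response' => 403 ) );
    }

    include $path;
}
```

The request value never reaches include() in the hardened form; it only selects a key. That is the property to look for in review, since suffix checks, extension checks and blacklists of "../" all leave the attacker in control of the path.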
WordPress <= 3.3.2 - Multiple Vulnerabilities
These vulnerabilities allow attackers to obtain sensitive information or bypass intended media-attachment restrictions via a "postid" value. Solution Update WordPress...
WordPress Think Responsive Themes 1.0 - Arbitrary File Upload
Think Responsive themes are prone to an arbitrary file upload vulnerability that allows an attacker to upload arbitrary files to the affected server. Solution Upgrade the theme...
WordPress Social Sharing Toolkit Plugin <= 2.1.1 - XSS
This vulnerability allows attackers to inject arbitrary web script or HTML via unspecified vectors. Solution Update the plugin...
WordPress Spreadsheet Plugin <= 2.0 - Cross Site Scripting
This vulnerability in codebase/spreadsheet.php allows attackers to inject arbitrary web script or HTML via the "page" parameter. Solution Update the plugin...
WordPress Spicy Blogroll Plugin - File Inclusion
The Spicy Blogroll plugin is prone to a file inclusion vulnerability. Solution Update the plugin...
WordPress ProPlayer Plugin 4.7.9.1 - SQL Injection
The ProPlayer plugin is prone to an SQL injection vulnerability. It allows an attacker to modify data, bypass the application's access controls, or exploit latent vulnerabilities in the underlying database. Solution Update the plugin...
WordPress Related Posts Plugin <= 1.3.1 - CSRF
This vulnerability allows attackers to hijack the authentication of unspecified users for requests that change settings via unknown vectors. Solution Update the plugin...
WordPress Calendar Plugin <= 1.3.2 - CSRF
This vulnerability allows attackers to hijack the authentication of users for requests that add a calendar entry via unspecified vectors. Solution Update the plugin...
WordPress Marekkis Watermark Plugin <= 0.9.2 - XSS
This vulnerability allows attackers to inject arbitrary web script or HTML via the "pfad" parameter to wp-admin/options-general.php. Solution Update the plugin...
WordPress Shortcode Redirect Plugin <= 1.0.01 - Multiple XSS
These vulnerabilities allow authenticated users with certain permissions to inject arbitrary web script or HTML. Solution Update the plugin...
WordPress <= 3.4.2 - CSRF
This vulnerability in wp-admin/index.php allows attackers to hijack the authentication of administrators for arbitrary requests. Solution Update WordPress...
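Two weaknesses recur through the entries above: settings actions that accept a forged request from any site an administrator visits (the Disqus, Member Approval, GD Star Rating, Related Posts, Calendar and core CSRF entries) and admin pages that echo a request or option value back unescaped (the BannerMan, WP Construction Mode and Marekkis Watermark entries, all reached through wp-admin). The following is an added example, not code from any of those plugins or from WordPress core; the option name, page slug and field are hypothetical. It shows a settings page with both defects beside one protected by a capability check, a nonce and context-appropriate escaping.

```php
<?php
/**
 * Added example (hypothetical plugin settings page, not code from any plugin
 * or WordPress version listed here): CSRF and reflected/stored XSS in an
 * admin settings handler, vulnerable and hardened.
 */

// --- VULNERABLE ---------------------------------------------------------------
function vuln_settings_page() {
    // No nonce and no capability check: a hidden form on an attacker's site,
    // auto-submitted while an admin is logged in, changes the option.
    if ( isset( $_POST['banner_background'] ) ) {
        update_option( 'banner_background', $_POST['banner_background'] );
    }
    // Echoing the stored value raw turns it into a persistent XSS payload:
    // a value such as  "><script>...</script>  escapes the attribute.
    $value = get_option( 'banner_background', '' );
    echo '<form method="post">';
    echo '<input name="banner_background" value="' . $value . '">';
    echo '<input type="submit" value="Save"></form>';
}

// --- HARDENED -----------------------------------------------------------------
function safe_settings_page() {
    // Only administrators may view or change these settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges', 'Forbidden', array( 'response' => 403 ) );
    }

    if ( isset( $_POST['banner_background'] ) ) {
        // Dies unless the request carries a valid nonce for this action;
        // a form hosted on another origin cannot obtain one.
        check_admin_referer( 'save_banner_background' );
        $clean = sanitize_text_field( wp_unslash( $_POST['banner_background'] ) );
        update_option( 'banner_background', $clean );
    }

    $value = get_option( 'banner_background', '' );
    echo '<form method="post">';
    wp_nonce_field( 'save_banner_background' );   // emits the _wpnonce field
    // Escape for the attribute context so stored data cannot break out of it.
    echo '<input name="banner_background" value="' . esc_attr( $value ) . '">';
    echo '<input type="submit" value="Save"></form>';
}

add_action( 'admin_menu', function () {
    add_options_page( 'Banner', 'Banner', 'manage_options', 'banner-safe', 'safe_settings_page' );
} );
```

Input sanitisation on save is not a substitute for output escaping: sanitize_text_field() strips tags but a value can still carry characters that matter in an attribute context, so esc_attr() at the point of output remains necessary.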
WordPress Image News Slider Plugin <= 3.2 - Unspecified vulnerability
The impact and remote attack vectors of this vulnerability are unspecified. Solution Update the plugin...
WordPress ThreeWP Email Reflector Plugin - Stored XSS
The ThreeWP Email Reflector plugin is prone to a stored XSS vulnerability because it fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in a user's browser in the context of the affected site and thereby steal cookie-based authentication...
WordPress Effective Lead Management plugin <= 3.0.0 - Persistent Cross-Site Scripting (XSS) vulnerability
The Effective Lead Management plugin is prone to a persistent XSS vulnerability. JavaScript placed in the name or "requirements" field of a lead fires when an administrator views the lead management page. Solution Deactivate and delete. This plugin has been closed and is no longe...
WordPress Newsletter Plugin 1.5 - Remote File Disclosure
The Newsletter plugin is prone to a remote file disclosure vulnerability. It allows an attacker to retrieve files from the server, which may expose login credentials or the administrator password and give them direct access to the site's administration panel. Solution Update the plugin...
WordPress Simple Download Button Shortcode Plugin 1.0 - Remote File Disclosure
The Simple Download Button Shortcode plugin is prone to a remote file disclosure vulnerability. It allows an attacker to retrieve files from the server, which may expose login credentials or the administrator password and give them direct access to the site's administration panel...
WordPress FCChat Widget Plugin 2.2.x - Arbitrary File Upload
The FCChat Widget plugin's "Upload.php" is prone to an arbitrary file upload vulnerability. Access to the script is not properly restricted, so an attacker can upload files containing malicious PHP code and execute them in the context of the web server process. Other attacks are also...
WordPress Font Uploader Plugin 1.2.4 - Arbitrary File Upload
The Font Uploader plugin is prone to an arbitrary file upload vulnerability. Access to the upload script is not properly restricted, so an attacker can upload files containing malicious PHP code and execute them in the context of the web server process. Other attacks are also possible...
WordPress MM Forms Community Plugin 2.2.6 - Arbitrary File Upload
The MM Forms Community plugin is prone to an arbitrary file upload vulnerability. Access to the upload script is not properly restricted, so an attacker can upload files containing malicious PHP code and execute them in the context of the web server process. Other attacks are also possible...
WordPress SABRE Plugin <= 2.0 - XSS
This vulnerability allows attackers to inject arbitrary web script or HTML via the "activeoption" parameter to wp-admin/tools.php. Solution Update the plugin...
WordPress WP-PostRatings plugin <= 1.61 - SQL Injection (SQLi) vulnerability
This vulnerability in wp-postratings.php allows authenticated users to execute arbitrary SQL commands via the id attribute of the rating shortcode when creating a post. Solution Update the plugin to the latest available version, at least 1.62...
WordPress Advanced Text Widget Plugin 2.0 - Cross Site Scripting
The Advanced Text Widget plugin's "page" parameter is prone to a cross-site scripting vulnerability because the plugin fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in a user's browser in the context of the affected site. In this way the attacker can...
WordPress <= 3.0.4 - Information Disclosure Vulnerability
This vulnerability allows attackers to obtain sensitive information via a direct request. Solution Update WordPress...
WordPress ProPlayer Plugin <= 4.7.7 - SQL Injection
The ProPlayer plugin is prone to an SQL injection vulnerability. It allows an attacker to modify data, bypass the application's access controls, or exploit latent vulnerabilities in the underlying database. Solution Upgrade the plugin...
WordPress GRAND Flash Album Gallery Plugin 0.55 - Multiple Vulnerabilities
The GRAND Flash Album Gallery plugin has several vulnerabilities. The first is an SQL injection that exists because the "/wp-content/plugins/flash-album-gallery/lib/hitcounter.php" script fails to properly sanitize user-supplied input in the "pid" variable. It allow...
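The SQL injection entries above come from two input paths: a request parameter passed straight into a query (the GRAND Flash Album Gallery "pid" case, and the Quartz and StripShow edit actions) and a shortcode attribute that a post author controls (the WP-PostRatings "id" case). The following is an added example, not code from any of those plugins; the table names, column names and shortcode tag are hypothetical. It shows both paths built by string concatenation beside versions that cast the value and bind it through $wpdb->prepare().

```php
<?php
/**
 * Added example (hypothetical code, not from WP-PostRatings, GRAND Flash
 * Album Gallery or any other plugin listed here): a hit-counter lookup
 * driven by a request parameter and a rating lookup driven by a shortcode
 * attribute, in vulnerable and hardened form.
 */

// --- VULNERABLE: values interpolated into SQL text ------------------------
function vuln_hitcounter_lookup() {
    global $wpdb;
    // "pid" is concatenated as-is, so the client controls the WHERE clause
    // and can append UNION SELECT or boolean conditions of its own.
    $pid = $_GET['pid'];
    return $wpdb->get_var( "SELECT hits FROM {$wpdb->prefix}gallery_hits WHERE pid = $pid" );
}

function vuln_rating_shortcode( $atts ) {
    global $wpdb;
    // The id attribute is post content: anyone who can publish, or whose
    // content passes through do_shortcode(), controls the query.
    $id = $atts['id'];
    return $wpdb->get_var( "SELECT rating FROM {$wpdb->prefix}ratings WHERE post_id = $id" );
}

// --- HARDENED: cast, then bind ---------------------------------------------
function safe_hitcounter_lookup() {
    global $wpdb;
    $pid = isset( $_GET['pid'] ) ? absint( $_GET['pid'] ) : 0;
    if ( 0 === $pid ) {
        return null;
    }
    // %d is an integer placeholder; the value never becomes part of the SQL
    // string, so there is nothing for an injected payload to attach to.
    return $wpdb->get_var( $wpdb->prepare(
        "SELECT hits FROM {$wpdb->prefix}gallery_hits WHERE pid = %d",
        $pid
    ) );
}

function safe_rating_shortcode( $atts ) {
    global $wpdb;
    // Shortcode attributes are user input and get the same treatment.
    $atts = shortcode_atts( array( 'id' => get_the_ID() ), $atts, 'ratings_safe' );
    $id   = absint( $atts['id'] );
    if ( 0 === $id ) {
        return '';
    }
    $rating = $wpdb->get_var( $wpdb->prepare(
        "SELECT rating FROM {$wpdb->prefix}ratings WHERE post_id = %d",
        $id
    ) );
    // Output is escaped as well; a stored rating string must not become XSS.
    return esc_html( (string) $rating );
}
add_shortcode( 'ratings_safe', 'safe_rating_shortcode' );
```

Casting alone is not the fix; it is only sufficient here because both values are integers. For string values the rule is the same: bind with %s through $wpdb->prepare() and never build the query by concatenation.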
WordPress IGIT Posts Slider Widget Plugin 1.0 - Cross-Site Scripting
The IGIT Posts Slider Widget plugin's "src" parameter is prone to a cross-site scripting vulnerability because the plugin fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in a user's browser in the context of the affected site. In this way the attacker can steal...
WordPress User Photo Component - Remote File Upload
A remote file upload vulnerability was found in this plugin. Uploaded photos are only partially validated, so it is possible to upload a backdoor to the server hosting WordPress, and it can be executed regardless of whether the photo has been approved. Also, there is a...
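The upload entries above (FCChat Widget, Font Uploader, MM Forms Community, Think Responsive and User Photo) share one root cause: an upload script reachable without authentication that trusts the client's file name and writes it under a web-served directory, so a PHP file is live the moment it lands, approved or not. The following is an added example, not code from any of those plugins or themes; the hook name, nonce action and allowed types are hypothetical. It shows that handler beside one that checks who is calling, verifies the file's real type against an allowlist, and lets WordPress generate the stored name.

```php
<?php
/**
 * Added example (hypothetical code, not from FCChat Widget, Font Uploader,
 * MM Forms Community, Think Responsive or User Photo): an unrestricted
 * upload handler beside a hardened one.
 */

// --- VULNERABLE ---------------------------------------------------------------
// No authentication, no type check, client-chosen name, web-served target:
// uploading shell.php yields immediate code execution as the web server user.
function vuln_handle_upload() {
    $dest = WP_CONTENT_DIR . '/uploads/' . basename( $_FILES['file']['name'] );
    move_uploaded_file( $_FILES['file']['tmp_name'], $dest );
    echo $dest;
}

// --- HARDENED -----------------------------------------------------------------
// Registered only on wp_ajax_ (no wp_ajax_nopriv_), so anonymous visitors
// never reach it.
add_action( 'wp_ajax_safe_photo_upload', 'safe_handle_upload' );

function safe_handle_upload() {
    check_ajax_referer( 'safe_photo_upload', 'nonce' );
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }
    if ( empty( $_FILES['file'] ) || UPLOAD_ERR_OK !== $_FILES['file']['error'] ) {
        wp_send_json_error( 'no file', 400 );
    }

    // Only image types are acceptable for a photo. wp_check_filetype_and_ext()
    // compares the extension, the declared MIME type and, for images, the
    // actual content, so a PHP file renamed to .jpg is rejected.
    $allowed = array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'gif'      => 'image/gif',
    );
    $check = wp_check_filetype_and_ext(
        $_FILES['file']['tmp_name'], $_FILES['file']['name'], $allowed
    );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_send_json_error( 'file type not allowed', 415 );
    }

    require_once ABSPATH . 'wp-admin/includes/file.php';
    // wp_handle_upload() sanitises the name, de-duplicates it and refuses
    // anything outside the supplied mimes; the stored name is not the
    // attacker's to choose.
    $result = wp_handle_upload( $_FILES['file'], array(
        'test_form' => false,
        'mimes'     => $allowed,
    ) );
    if ( isset( $result['error'] ) ) {
        wp_send_json_error( $result['error'], 400 );
    }

    // Record the upload as pending so a later approval step can act on it;
    // nothing about the file's availability depends on that status, which is
    // why the type check above has to be the real gate.
    update_post_meta( get_current_user_id(), 'pending_photo', $result['file'] );

    wp_send_json_success( array( 'url' => $result['url'] ) );
}
```

Moderation status is a business rule, not a security control: once a file sits under the uploads directory the web server will serve or execute it whatever the database says, so the decision about what may be written there has to be made before the write.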