WordPress ClickBank Affiliate Ads plugin <= 1.20 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Kaustubh G. Padwad in WordPress ClickBank Affiliate Ads plugin versions <= 1.20. Solution Update the WordPress ClickBank Affiliate Ads plugin to the latest available version (at least 1.35)...
WordPress WP Photo Album Plus Plugin <= 6.1.2 - Multiple XSS
Because of these vulnerabilities in wppa-ajax-front.php, the attackers can inject arbitrary web script or HTML via the "comemail" or "comname" parameters. Solution Update the plugin...
WordPress Slimstat Plugin <= 3.9.1 - XSS
This vulnerability is in the Save Filters functionality. It allows the attackers to inject arbitrary web script or HTML via the "fsresource" parameter. Solution Update the plugin...
WordPress Simple Sticky Footer Plugin <= 1.3.2 - Multiple CSRF and XSS
Because of these cross site request forgery vulnerabilities, the attackers can hijack the authentication of administrators for requests. In that way they can change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution Update the plugin...
WordPress <= 4.0.0 - SSRF
wp-includes/http.php in WordPress allows the attackers to conduct server-side request forgery attacks by referring to a 127.0.0.0/8 resource. Solution Update WordPress...
WordPress Cross References Plugin <= 1.7 - Local File Inclusion
Because of this vulnerability, the attackers can read arbitrary files via a full pathname in the "rss" parameter to proxy.php. Solution Update the plugin...
WordPress MailPoet (Wysija NewsLetters) plugin - Unauthenticated File Upload
MailPoet Wysija NewsLetters plugin is prone to an unauthenticated file upload vulnerability. The plugin uses the "admin_init" hook that is executed for unauthenticated users when accessing a specific URL. Solution Upgrade the plugin...
WordPress WP Plugin Manager Plugin <= 1.6.4.b - XSS
Because of this vulnerability in wp-plugins-net/index.php, the attackers can inject arbitrary web script or HTML via the "filter" parameter. Solution Update the plugin...
WordPress Conversion Ninja Plugin - Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "id" parameter to lp/index.php. Solution Update the plugin...
WordPress Search Everything Plugin <= 7.0.2 - SQL Injection
Because of this vulnerability, the attackers can execute arbitrary SQL commands via the "s" parameter to index.php. Solution Update the plugin...
WordPress <= 3.3.2 - Information Disclosure
Because of this vulnerability, the authenticated users can obtain sensitive information by visiting a draft. Solution Update the plugin...
WordPress prettyPhoto Plugin <= 3.1.4 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via a crafted PATHINTO to the default URI. Solution Update the plugin...
WordPress SAICO Theme 1.0-1.0.2 - Arbitrary File Upload
WordPress SAICO theme is prone to an arbitrary file upload vulnerability. It allows an attacker to upload arbitrary files to the affected computer. Solution Upgrade the theme...
WordPress WP Cleanfix Plugin - Cross Site Request Forgery
WP Cleanfix plugin is prone to a cross site request forgery vulnerability. It allows an attacker to perform certain unauthorized actions in the context of the affected application. Solution Update the plugin...
WordPress Apptha Video Gallery Plugin <= 2.0 - SQL Injection
Because of this vulnerability, the attackers can execute arbitrary SQL commands via the "playid" parameter to index.php. Solution Update the plugin...
WordPress Digg Digg Plugin <= 5.3.4 - CSRF
Because of this vulnerability, the attackers can hijack the authentication of users for requests that modify settings via unspecified vectors. Solution Update the plugin...
WordPress WP125 Plugin <= 1.4.9 - CSRF
Because of this vulnerability in adminmenus.php, the attackers can hijack the authentication of administrators for requests that add or edit an ad via unspecified vectors. Solution Update the plugin...
WordPress Symposium Plugin <= 13.03 - Open Redirection
Because of this vulnerability in invite.php, the attackers can redirect users to arbitrary web sites and conduct phishing attacks via a URL in the "u" parameter. Solution Update the plugin...
WordPress Smart Flv Plugin - Multiple Cross Site Scripting Vulnerabilities
Smart Flv plugin is prone to multiple cross-site scripting vulnerabilities because of failure to properly clean up user-supplied input. It allows an attacker to execute arbitrary script code in the browser of a user in the context of the affected site. Other attacks are also possible. Solution...
WordPress <= 3.5.1 - Multiple SSRF
Because of these vulnerabilities, the attackers can send HTTP requests to intranet servers via unspecified vectors. Solution Update WordPress...
WordPress Responsive Logo Slideshow Plugin - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "URL and Image" field. Solution Update the plugin...
WordPress NextGEN Gallery Plugin - Path Disclosure Vulnerability
The NextGEN Gallery plugin is prone to a path-disclosure vulnerability. It allows an attacker to obtain sensitive information that may lead to further attacks. Solution Update the plugin...
WordPress All Video Gallery Plugin 1.1 - SQL Injection Vulnerability
This WordPress All Video Gallery plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Update the plugin...
WordPress White Label CMS Plugin <= 1.5 - XSS
Because of this vulnerability in wlcms-plugin.php, the authenticated administrators can inject arbitrary web script or HTML via the "wlcmsodevelopername" parameter. Solution Update the plugin...
WordPress Zingiri Plugin <= 1.4.3 - Directory Traversal
Because of this vulnerability in forum.php, attackers can read arbitrary files via the "url" parameter to index.php. Solution Update the plugin...
WordPress Download Monitor Plugin - Cross Site Scripting
WordPress Download Monitor plugin's "dlsearch" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can...
WordPress <= 3.4.1 - Multiple vulnerabilities
There are multiple vulnerabilities in wp-admin/plugins.php. Because of that, remote authenticated users can make unintended plugin changes by leveraging the Administrator role. Solution Update WordPress...
WordPress BulletProof Security Plugin <= .47.0 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the HTTP_ACCEPT_ENCODING header. Solution Update the plugin...
WordPress Better WP Security Plugin <= 3.2.4 - Multiple XSS
Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML via unspecified vectors related to "server variables". Solution Update the plugin...
WordPress <= 3.3.1 - XSS #2
The attackers can conduct cross-site scripting attacks via unspecified vectors, because wp-includes/formatting.php attempts to enable clickable links inside attributes. Solution Update WordPress...
WordPress <= 3.3.1 - CSRF and XSS
There are cross site scripting and cross site request forgery vulnerabilities via SWF Applets. Solution Update WordPress...
WordPress <= 3.1.0 - Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via unspecified vectors. Solution Update WordPress...
WordPress Lanoba Social Plugin 1.0 - Cross Site Scripting
WordPress Lanoba Social plugin's "action" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal...
WordPress WPtouch Plugin - SQL Injection Vulnerability
WPtouch plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, alter queries to the application SQL database, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Update the plugin...
WordPress F8 Lite Theme 4.2.1 - Cross Site Scripting
WordPress F8 Lite theme's "s" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal cookie-based...
WordPress <= 3.1.2 - Unspecified vulnerability #1
This vulnerability has unknown impact and attack vectors, related to "Various security hardening." in this WordPress version. Solution Update WordPress...
WordPress <= 3.1.2 - Multiple vulnerabilities
Because of these vulnerabilities, the attackers can obtain sensitive data via vectors related to wp-includes/post.php. Solution Update WordPress...
WordPress <= 2.8.4 - Algorithmic complexity
Because of this vulnerability in wp-trackback.php, the attackers can cause a denial of service. Solution Update WordPress...
WordPress <= 2.8.2 - Multiple Vulnerabilities #2
Because of these vulnerabilities, the attackers can gain privileges via a direct request to edit-link-category-form.php, admin-footer.php, edit-page-form.php, edit-category-form.php or edit-form-comment.php. Solution Update WordPress...
WordPress FireStats Plugin <= 1.6.1 - SQL Injection
Because of this vulnerability, the attackers can execute arbitrary SQL commands via unspecified vectors. Solution Update the plugin...
WordPress <= 2.6.3 - Cross Site Request Forgery
Because of this vulnerability, the attackers can conduct delayed and persistent cross-site request forgery attacks via crafted cookies. Solution Update WordPress...
WordPress DMSGuestbook Plugin <= 1.8.0 - Multiple XSS vulnerabilities
Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...
WordPress Math Comment Spam Protection Plugin <= 2.1 - XSS
Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...
WordPress PictPress Plugin <= 0.91 - Multiple Directory Traversal
Because of these vulnerabilities in resize.php, the attackers can read arbitrary files via the "size" or "path" parameter. Solution Update the plugin...
WordPress Feed Reader Plugin <= 3.10 - XSS
Because of this vulnerability in the internal browser, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...
WordPress <= 2.2 - SQL Injection
Because of this vulnerability in xmlrpc.php, the authenticated users can execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall. Solution Update WordPress...
WordPress WP Table Plugin <= 1.43 - Remote File Inclusion
Because of this vulnerability, the attackers can execute arbitrary PHP code via a URL in the "wpPATH" parameter. Solution Update the WordPress WP Table plugin to the latest available version (at least 1.44)...
WordPress <= 1.4.5 - Multiple Vulnerabilities
Because of these vulnerabilities, the attackers can determine the existence of arbitrary files and possibly read portions of certain files. Solution Update WordPress to the latest available version (at least 1.4.6)...
WordPress <= 2.0.5 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Solution Update WordPress...
WordPress <= 2.0.3 - Full Path Disclosure
Because of this vulnerability, attackers can obtain the installation path via a direct request to various files, for example in the wp-includes, wp-content, and wp-admin directories. Solution Update WordPress to the latest available version (at least 2.0.4)...