46684 matches found
WordPress Tom M8te Plugin <= 1.5.3 - Local File Inclusion
Because of this vulnerability, the attackers can read arbitrary files via the "file" parameter to tom-download-file.php. Solution Upgrade the plugin...
WordPress Cross References Plugin <= 1.7 - Local File Inclusion
Because of this vulnerability, the attackers can read arbitrary files via a full pathname in the "rss" parameter to proxy.php. Solution Update the plugin...
WordPress MailPoet (Wysija NewsLetters) plugin - Unauthenticated File Upload
MailPoet Wysija NewsLetters plugin is prone to an unauthenticated file upload vulnerability. The plugin uses the "admininit" hook that is executed for unauthenticated users when accessing a specific URL. Solution Upgrade the plugin...
WordPress WP Plugin Manager Plugin <= 1.6.4.b - XSS
Because of this vulnerability in wp-plugins-net/index.php, the attackers can inject arbitrary web script or HTML via the "filter" parameter. Solution Update the plugin...
WordPress Conversion Ninja Plugin - Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "id" parameter to lp/index.php. Solution Update the plugin...
WordPress Search Everything Plugin <= 7.0.2 - SQL Injection
Because of this vulnerability, the attackers can execute arbitrary SQL commands via the "s" parameter to index.php. Solution Update the plugin...
WordPress Buddypress Plugin 1.9.1 - Privilege Escalation
Buddypress plugin is prone to a vulnerability that allows an attacker to take control of every group: change name, description, avatar and settings. Solution Upgrade the plugin...
WordPress <= 3.3.2 - Cross Site Scripting
Because of this vulnerability in wp-includes/default-filters.php, the attackers can inject arbitrary web script or HTML via an editable slug field. Solution Update the plugin...
WordPress Download Manager Free & Pro Plugin 2.5.8 - Persistent Cross Site Scripting
Download Manager Free & Pro plugin is prone to a persistent XSS vulnerability. The title input field is not sanitized and is therefore vulnerable to persistent cross site scripting. Solution Upgrade the plugin...
WordPress SAICO Theme 1.0-1.0.2 - Arbitrary File Upload
WordPress SAICO theme is prone to an arbitrary file upload vulnerability. It allows an attacker to upload arbitrary files to the affected computer. Solution Upgrade the theme...
WordPress Lazy SEO Plugin 1.1.9 - Shell Upload
The Lazy SEO plugin is prone to a shell upload vulnerability, in which the administrator or author could upload a shell script, in other words, default settings. Solution Update the plugin...
WordPress WP Cleanfix Plugin - Cross Site Request Forgery
WP Cleanfix plugin is prone to a cross site request forgery vulnerability. It allows an attacker to perform certain unauthorized actions in the context of the affected application. Solution Update the plugin...
WordPress <= 3.5.1 - Multiple SSRF
Because of these vulnerabilities, the attackers can send HTTP requests to intranet servers via unspecified vectors. Solution Update WordPress...
WordPress AJAX Post Search Plugin <= 1.2 - SQL Injection
Because of this vulnerability, the attackers can execute arbitrary SQL commands via the "srchtxt" parameter. Solution Update the plugin...
WordPress Sentinel Plugin <= 1.0.0 - Cross Site Scripting
Because of this vulnerability in wordpresssentinel.php, the attackers can inject arbitrary web script or HTML via unknown vectors. Solution Update the plugin...
WordPress Sentinel Plugin <= 1.0.0 - CSRF
Because of this vulnerability in wordpresssentinel.php, the attackers can hijack the authentication of an administrator for requests that trigger snapshots. Solution Update the plugin...
WordPress BackWPup Plugin <= 1.4.0 - Directory Traversal
Because of this vulnerability, the attackers can read arbitrary files via the "wpabs" parameter. Solution Update the plugin...
WordPress Better WP Security Plugin <= 3.2.4 - Multiple XSS
Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML via unspecified vectors related to "server variables". Solution Update the plugin...
WordPress <= 3.4.0 - Multiple Vulnerabilities
Because of multiple vulnerabilities in this version of WordPress, remote authors or contributors can obtain sensitive information via unknown vectors. Solution Update WordPress...
WordPress <= 3.3.1 - XSS #2
The attackers can conduct cross-site scripting attacks via unspecified vectors, because wp-includes/formatting.php attempts to enable clickable links inside attributes. Solution Update WordPress...
WordPress <= 3.3.1 - CSRF and XSS
There are cross site scripting and cross site request forgery vulnerabilities via SWF Applets. Solution Update WordPress...
WordPress Video Embed & Thumbnail Generator Plugin <= 1.9 - Remote Code Execution
Because of this vulnerability, the attackers can execute arbitrary commands via unspecified vectors. Solution Update the plugin...
WordPress <= 3.1.0 - Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via unspecified vectors. Solution Update WordPress...
WordPress WPtouch Plugin - SQL Injection Vulnerability
WPtouch plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, alter queries to the application SQL database, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Update the plugin...
WordPress The Erudite Theme <= XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "cpage" parameter. Solution Update the theme...
WordPress F8 Lite Theme 4.2.1 - Cross Site Scripting
WordPress F8 Lite theme's "s" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal cookie-based...
WordPress <= 3.1.2 - Unspecified vulnerability #1
Because of this vulnerability, there are unknown impact and attack vectors related to "Various security hardening." in this WordPress version. Solution Update WordPress...
WordPress <= 3.1.2 - Multiple vulnerabilities
Because of these vulnerabilities, the attackers can obtain sensitive data via vectors related to wp-includes/post.php. Solution Update WordPress...
WordPress <= 3.0.4 - Multiple Security Vulnerabilities
Because of these vulnerabilities, remote authenticated users can read draft posts or private posts via a modified "attachmentid" parameter. Solution Update WordPress...
WordPress <= 2.8.2 - Multiple Vulnerabilities #2
Because of these vulnerabilities, the attackers can gain privileges via a direct request to edit-link-category-form.php, admin-footer.php, edit-page-form.php, edit-category-form.php or edit-form-comment.php. Solution Update WordPress...
WordPress FireStats Plugin <= 1.6.1 - SQL Injection
Because of this vulnerability, the attackers can execute arbitrary SQL commands via unspecified vectors. Solution Update the plugin...
WordPress <= 2.6.3 - Cross Site Request Forgery
Because of this vulnerability, the attackers can conduct delayed and persistent cross-site request forgery attacks via crafted cookies. Solution Update WordPress...
WordPress PictPress Plugin <= 0.91 - Multiple Directory Traversal
Because of these vulnerabilities in resize.php, the attackers can read arbitrary files in the "size" or "path" parameter. Solution Update the plugin...
WordPress Feed Reader Plugin <= 3.10 - XSS
Because of this vulnerability in the internal browser, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...
WordPress <= 2.0.1 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "useremail" parameter. Solution Update WordPress...
WordPress Automattic Stats Plugin <= 1.0 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the HTTP Referer field. Solution Update the plugin...
WordPress <= 2.2 - SQL Injection
Because of this vulnerability in xmlrpc.php, the authenticated users can execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall. Solution Update WordPress...
WordPress WP Table Plugin <= 1.43 - Remote File Inclusion
Because of this vulnerability, the attackers can execute arbitrary PHP code via a URL in the "wpPATH" parameter. Solution Update the WordPress WP Table plugin to the latest available version, at least 1.44...
WordPress <= 1.4.5 - Multiple Vulnerabilities
Because of these vulnerabilities, the attackers can determine the existence of arbitrary files and possibly read portions of certain files. Solution Update WordPress to the latest available version, at least 1.4.6...
WordPress <= 2.0.4 - Denial of Service Attacks
Authenticated users can cause a denial of service, because this WordPress version does not properly store a profile containing a string representation of a serialized object. Solution Update WordPress...
WordPress <= 2.0.3 - Full Path Disclosure
Because of this vulnerability, attackers can obtain the installation path via a direct request to various files, for example in the wp-includes, wp-content, and wp-admin directories. Solution Update WordPress to the latest available version, at least 2.0.4...
WordPress <=1.5 - SQL injection vulnerability
Because of this vulnerability in wp-trackback.php, attackers can execute arbitrary SQL commands via the "tbid" parameter. Solution Update this plugin...
WordPress SVG Support plugin <= 2.5.14 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Steven Julian in WordPress Plugin SVG Support versions <= 2.5.14...
WordPress Eight Day Week Print Workflow plugin <= 1.2.6 - Authenticated (Subscriber+) SQL Injection vulnerability
Authenticated (Subscriber+) SQL Injection vulnerability discovered by Loganatha Vishnubalaji in WordPress Plugin Eight Day Week Print Workflow versions <= 1.2.6...
WordPress AIWU plugin <= 1.4.21 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin AIWU versions <= 1.4.21...
WordPress Kapee theme < 1.7.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Kapee versions < 1.7.1...
WordPress WP CarDealer plugin <= 1.2.16 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by Foxyyy in WordPress Plugin WP CarDealer versions <= 1.2.16...
WordPress Time Sheets plugin <= 2.1.3 - Use of Known Vulnerable Component vulnerability
Use of Known Vulnerable Component vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Time Sheets versions <= 2.1.3...
WordPress Nasa Core plugin < 6.4.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Nasa Core versions < 6.4.1...
WordPress MasterStudy LMS Pro plugin <= 4.7.0 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability
Authenticated (Subscriber+) Arbitrary File Upload vulnerability discovered by Foxyyy in WordPress Plugin MasterStudy LMS Pro versions <= 4.7.0...