46702 matches found
WordPress Landing Pages Plugin <= 1.8.4 - SQL Injection
This vulnerability allows an authenticated user to execute arbitrary SQL commands in an edit delete-variation action via the "post" parameter to wp-admin/post.php. Solution: Upgrade the plugin...
WordPress Crayon Syntax Highlighter Plugin <= 2.6.10 - Local File Disclosure
This plugin is prone to a local file disclosure vulnerability. It allows attackers to see the content of any file. Solution: Update the plugin...
WordPress Cardoza Poll Plugin <= 34.05 - Cross Site Request Forgery
This plugin is prone to remote poll manipulation through multiple external functions. Solution: Update the plugin...
WordPress Ninja Forms Plugin <= 2.8.9 - Unspecified Vulnerability
This vulnerability in the Ninja Forms plugin has remote attack vectors related to admin users. Solution: Update the plugin...
WordPress Photocrati Theme 4.x.x - SQL Injection and XSS
Because of SQL injection and XSS vulnerabilities, an attacker can perform remote injection via the site URL and obtain sensitive information. Solution: Upgrade the theme...
WordPress EasyCart Plugin <= 3.0.20 - Privilege Escalation
Because of this vulnerability, attackers can escalate privileges and execute code remotely. Solution: Update the plugin...
WordPress Symposium Plugin 14.11 - Shell Upload
The Symposium plugin is prone to a shell upload vulnerability. It allows an attacker to execute arbitrary PHP code by making a direct request to the uploaded .php file. Solution: Update the plugin...
WordPress Shopping Cart Plugin 3.0.4 - Unrestricted File Upload
The Shopping Cart plugin is prone to an unrestricted file upload vulnerability. Because of an incorrect if statement inside "banneruploaderscript.php", any registered user can upload any file. Solution: Upgrade the plugin...
WordPress Our Team Showcase Plugin <= 1.2 - Multiple CSRF and XSS
Because of these cross-site request forgery vulnerabilities, attackers can hijack the authentication of administrators for requests. In that way, they can change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution: Update the plugin...
WordPress Simple Sticky Footer Plugin <= 1.3.2 - Multiple CSRF and XSS
Because of these cross-site request forgery vulnerabilities, attackers can hijack the authentication of administrators for requests. In that way, they can change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution: Update the plugin...
WordPress Simple Visitor Stat Plugin <= 4.5.2 - BYPASS
Because of these vulnerabilities, attackers can inject arbitrary HTML or web script via the HTTP User-Agent or HTTP Referer header. Solution: No fix has been released...
WordPress jRSS Widget Plugin <= 1.2 - SSRF
This vulnerability is in proxy.php. It allows attackers to trigger outbound requests and enumerate open ports via the "URL" parameter. Solution: Update the plugin...
WordPress HTML5 MP3 Player with Playlist Free Plugin <= 2.6 - Full Path Disclosure
Because of this vulnerability, attackers can obtain the installation path via a request to html5plus/playlist.php. Solution: Upgrade the plugin...
WordPress Nextend Facebook Connect Plugin 1.4.59 - XSS
Because of a cross-site scripting vulnerability in the Nextend Facebook Connect plugin, anyone can change plugin settings. Solution: Update the plugin to version 1.5.1...
WordPress SP Client Document Manager Plugin 2.4.1 - SQL Injection
This WordPress SP Client Document Manager plugin is prone to SQL injection. This vulnerability allows an attacker to modify data, compromise access to the application, or exploit hidden vulnerabilities in the underlying database. Solution: Upgrade the plugin...
WordPress Another Classifieds Plugin - SQL Injection
This WordPress GD Star Rating plugin's "keywordphrase" parameter is prone to SQL injection. This vulnerability allows an attacker to modify data, compromise access to the application, or exploit hidden vulnerabilities in the underlying database when searching for classifieds. Solution...
WordPress Web-Dorado Photo Gallery Plugin <= 1.1.30 - Multiple XSS
Because of these vulnerabilities, attackers can inject arbitrary web script or HTML via the "callback", "dir", or "extensions" parameters. Solution: Update the plugin...
WordPress Epic Theme - Arbitrary File Download
The Epic theme's "download.php" is prone to an arbitrary file download vulnerability. It allows an attacker to download arbitrary files from the web server and obtain potentially sensitive information. Solution: Update the theme...
WordPress Acento Theme - Arbitrary File Download
The Acento theme's "file" parameter in view-pdf.php is prone to an arbitrary file download vulnerability. It allows an attacker to download arbitrary files from the web server and obtain potentially sensitive information. Solution: Update the theme...
WordPress <= 3.9.1 - XSS
This vulnerability is in wp-includes/pluggable.php. It allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL. Solution: Update WordPress...
WordPress DZS Video Gallery Plugin - Cross Site Scripting and Command Injection Vulnerabilities
Because of these vulnerabilities in the DZS Video Gallery plugin, an attacker can execute arbitrary script code in the browser and execute arbitrary OS commands. In that way, an attacker can steal cookie-based authentication credentials and launch other attacks. Solution: Upgrade the plugin...
WordPress Contact Form Plugin <= 2.3 - XSS
Because of this vulnerability, attackers can inject arbitrary web script or HTML via the "width" parameter. Solution: Update the plugin...
WordPress VideoWhisper Live Streaming Integration Plugin <= 4.27.2 - XSS
Because of this vulnerability in ls/vvlogin.php, attackers can inject arbitrary web script or HTML. Solution: Update the plugin...
WordPress Efence Plugin <= 1.3.2 - Multiple XSS
Because of these vulnerabilities in callback.php, attackers can inject arbitrary web script or HTML. Solution: Update the plugin...
WordPress HTML5 Video Player with Playlist Plugin <= 2.4.0 - Multiple XSS
Because of these vulnerabilities, attackers can inject arbitrary web script or HTML. Solution: Update the plugin...
WordPress Wu Rating Plugin <= 1.0 12319 - XSS
Because of this vulnerability in wu-ratepost.php, attackers can inject arbitrary web script or HTML via the "v" parameter. Solution: Update the plugin...
WordPress VideoWhisper Video Presentation Plugin <= 3.30 - Multiple XSS
Because of these vulnerabilities, attackers can inject arbitrary web script or HTML. Solution: Update the plugin...
WordPress Easy Post Types Plugin <= 1.4.3 - XSS
Because of this vulnerability in classes/custom-image/media.php, attackers can inject arbitrary web script or HTML. Solution: Update the plugin...
WordPress Flash & HTML5 Video Plugin - Cross Site Request Forgery
This Flash & HTML5 Video plugin is prone to a CSRF vulnerability. It allows an attacker to perform certain actions that lead to further attacks. Solution: Update the plugin...
WordPress Participants Database Plugin 1.5.4.8 - SQL Injection
SQL injection in the Participants Database plugin allows an unauthenticated user to execute arbitrary SQL statements. Solution: Update the plugin...
WordPress Booking System Plugin - SQL Injection
This WordPress Booking Calendar plugin's "bookingformid" parameter is prone to SQL injection. This vulnerability allows an attacker to modify data, compromise access to the application, or exploit hidden vulnerabilities in the underlying database. Solution: Update the plugin...
WordPress BuddyPress Plugin <= 1.9.1 - XSS
Because of this vulnerability, authenticated users can inject arbitrary web script or HTML via the name field to groups/create/step/group-details. Solution: Update the plugin...
WordPress <= 3.0.1 - XSS
Because of this vulnerability in wp-admin/plugins.php, attackers can inject arbitrary web script or HTML. Solution: Update WordPress...
WordPress Jetpack Plugin <= 2.9.2 - Security BYPASS
This plugin does not properly restrict access to the XML-RPC service. In that way, attackers can bypass intended restrictions and publish posts via unspecified vectors. Solution: Update the plugin...
WordPress prettyPhoto Plugin <= 3.1.4 - XSS
Because of this vulnerability, attackers can inject arbitrary web script or HTML via a crafted PATH_INFO to the default URI. Solution: Update the plugin...
WordPress Tweet Blender Plugin <= 4.0.1 - XSS
Because of this vulnerability, attackers can inject arbitrary web script or HTML via the "tbtabindex" parameter to wp-admin/options-general.php. Solution: Update the plugin...
WordPress Apptha Video Gallery Plugin <= 2.0 - SQL Injection
Because of this vulnerability, attackers can execute arbitrary SQL commands via the "playid" parameter to index.php. Solution: Update the plugin...
WordPress Digg Digg Plugin <= 5.3.4 - CSRF
Because of this vulnerability, attackers can hijack the authentication of users for requests that modify settings via unspecified vectors. Solution: Update the plugin...
WordPress <= 3.5.1 - Full Path Disclosure
Because of this vulnerability, attackers can obtain sensitive information via an invalid upload request. Solution: Update the plugin...
WordPress TinyMCE Media Plugin <= 3.5.1 - Content Spoofing
moxieplayer.as does not consider the presence of a character during extraction of the QUERY_STRING. In that way, attackers can pass arbitrary parameters to a Flash application and conduct content-spoofing attacks. Solution: Update the plugin...
WordPress SWFUpload Plugin <= 3.5.1 - XSS
This plugin is prone to a cross-site scripting vulnerability. Solution: Update the plugin...
WordPress NextGEN Gallery Plugin - Path Disclosure Vulnerability
This NextGEN Gallery plugin is prone to a path disclosure vulnerability. It allows an attacker to obtain sensitive information that may lead to further attacks. Solution: Update the plugin...
WordPress Organizer Plugin <= 1.2.1 - Multiple XSS
Because of these vulnerabilities in organizer/page/users.php, attackers can inject arbitrary web script or HTML. Solution: Update the plugin...
WordPress Mingle Forum Plugin <= 1.0.34 - Multiple CSRF
Because of these vulnerabilities, attackers can hijack the authentication of administrators for requests. Solution: Update the plugin...
WordPress White Label CMS Plugin <= 1.5 - XSS
Because of this vulnerability in wlcms-plugin.php, authenticated administrators can inject arbitrary web script or HTML via the "wlcmsodevelopername" parameter. Solution: Update the plugin...
WordPress Mingle Forum Plugin <= 1.0.32 - Multiple SQL Injection #2
Because of these vulnerabilities in fs-admin/fs-admin.php, authenticated users can execute arbitrary SQL commands via the "usergroup" parameter in an addusertogroup action or the "addforumgroupid" parameter in an addforumsubmit action. Solution: Update the plugin...
WordPress Akismet Plugin - Multiple Cross Site Scripting Vulnerabilities
The WordPress Akismet plugin is prone to multiple cross-site scripting vulnerabilities. It fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way, the attacker can steal cookie-based...
WordPress Zingiri Plugin <= 1.4.3 - Directory Traversal
Because of this vulnerability in forum.php, attackers can read arbitrary files via the "url" parameter to index.php. Solution: Update the plugin...
WordPress All-in-One Event Calendar Plugin 1.4 - Multiple Parameter XSS
The WordPress All-in-One Event Calendar plugin's /wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php has multiple parameters that are prone to cross-site scripting. It fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in the browse...