46702 matches found
WordPress Kernel Theme - Remote File Upload
WordPress Kernel theme is prone to a remote file upload vulnerability. The affected file is "upload-handler.php". Solution: Upgrade the theme...
WordPress Download Monitor Plugin <= 3.3.6.1 - XSS #1
Because of this vulnerability in admin/admin.php, attackers can inject arbitrary web script or HTML via the "sort" parameter. Solution: Update the plugin...
WordPress Login With Ajax Plugin <= 3.0 - CSRF
Because of this vulnerability, attackers can hijack the authentication of arbitrary users for requests that modify this plugin's settings. Solution: Update the plugin...
WordPress One Webmaster Plugin <= 8.2.3 - CSRF
Because of this vulnerability, attackers can hijack the authentication of arbitrary users for requests that insert cross-site scripting sequences. Solution: Update the plugin...
WordPress Symposium Plugin <= 13.03 - XSS
Because of this vulnerability in invite.php, attackers can inject arbitrary web script or HTML via the "u" parameter. Solution: Update the plugin...
WordPress WP Table Reloaded Plugin - Cross Site Scripting
WP Table Reloaded plugin is prone to a cross-site scripting vulnerability. It fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal cookie-based authentication...
WordPress Ripe HD FLV Player Plugin - SQL Injection
WordPress Ripe HD FLV Player plugin is prone to an SQL injection vulnerability. It allows an attacker to access the database, obtain the username and password, and disclose the full path. Solution: Update the plugin...
WordPress WP MailUp Plugin <= 1.3.2 - XSS
This plugin is prone to cross-site scripting attacks by setting the wordpress_logged_in cookie. Solution: Update the plugin...
WordPress <= 3.5.0 - Multiple Cross Site Scripting
Because of these vulnerabilities, attackers can inject arbitrary web script or HTML. Solution: Update the plugin...
WordPress SCORM Cloud Plugin <= 1.0.6 - SQL Injection
Because of this vulnerability in ajax.php, attackers can execute arbitrary SQL commands via the "active" parameter. Solution: Update the plugin...
WordPress Pretty Link Lite Plugin <= 1.5.5 - XSS
Because of this vulnerability in pretty-bar.php, attackers can inject arbitrary web script or HTML via the "slug" parameter. Solution: Update the plugin...
WordPress Adminimize Plugin <= 1.7.21 - Multiple XSS
Because of these vulnerabilities, attackers can inject arbitrary web script or HTML. Solution: Update the plugin...
WordPress Automatic Plugin 2.0.3 - SQL Injection
The WordPress Automatic plugin is prone to an SQL injection. The vulnerability is in the csv.php file, which does not require valid login credentials, and it allows an attacker to execute SQL queries. Solution: Upgrade this plugin to version 2.0.4...
WordPress Slideshow Gallery Plugin 1.1.x - Cross Site Scripting
WordPress Slideshow Gallery plugin's "border" parameter is prone to a cross-site scripting vulnerability. It fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can...
WordPress Featurific For WordPress Plugin 1.6.2 - Cross Site Scripting
WordPress Featurific For WordPress plugin's "snum" parameter is prone to a cross-site scripting vulnerability. It fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker c...
WordPress Jetpack Plugin - SQL Injection
Jetpack plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, alter queries to the application SQL database, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution: Update the plugin...
WordPress Classipress Theme <= 3.1.4 - Stored XSS
Classipress theme is prone to a stored cross-site scripting vulnerability because of an input validation failure in the POST parameters 'facebookid' and 'twitterid' in a registered user's profile page. It allows an attacker to inject JavaScript code. Solution: Update the theme...
WordPress Morning Coffee Theme 3.5 - Cross Site Scripting
WordPress Morning Coffee theme's "index.php" parameter is prone to a cross-site scripting vulnerability. It fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can ste...
WordPress Crawl Rate Tracker Plugin <= 2.0.2 - SQL Injection
Crawl Rate Tracker plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, alter queries to the application SQL database, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution: Upgrade the plugin...
WordPress Global Content Blocks Plugin <= 1.2 - SQL Injection
The WordPress Global Content Blocks plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution: Upgrade the plugin...
WordPress <= 3.1.2 - Clickjacking Attacks
This WordPress version does not prevent rendering of admin or login pages inside a frame in a third-party HTML document. This allows attackers to conduct clickjacking attacks via a crafted web site. Solution: Update WordPress...
WordPress WPtouch Plugin <= 1.9.20 - XSS
Because of this vulnerability in lib/includes/auth.inc.php, attackers can inject arbitrary web script or HTML via the "wptouchsettings" parameter to include/adsense-new.php. Solution: Update the plugin...
WordPress CformsII Plugin 11.5 / 13.1 - Multiple Cross-Site Scripting Vulnerabilities
CformsII plugin is prone to a cross-site scripting vulnerability. It fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal cookie-based authentication...
WordPress cache_lastpostdate - Arbitrary Code Execution
WordPress versions prior to 1.5.1.3 are remotely exploitable if the web server on which they run has register_globals enabled in the PHP configuration. Perl code exists to automatically exploit vulnerable WP 1.5.1.3 sites, allowing the attacker to try to execute code. Solution: Update WordPress...
WordPress WP Cumulus Plugin <= 1.21 - XSS
Because of this vulnerability in wp-cumulus.php, attackers can inject arbitrary web script or HTML via unspecified vectors. Solution: Update the plugin...
WordPress <= 2.3.2 - Multiple XSS vulnerabilities
Because of these vulnerabilities, attackers can inject arbitrary web script or HTML. Solution: Update WordPress...
WordPress Footnotes Plugin <= 2.2 - Multiple XSS vulnerabilities
Because of these vulnerabilities in adminpanel.php, attackers can inject arbitrary web script or HTML. Solution: Update the plugin...
WordPress <= 2.3.2 - Unauthorized Access Vulnerability
Because of this vulnerability, attackers can edit posts of other blog users via unknown vectors. Solution: Update WordPress...
WordPress DMSGuestbook Plugin <= 1.8.0 - Directory Traversal
Because of this vulnerability in wp-admin/admin.php, authenticated users can read arbitrary files. Solution: Update the plugin...
WordPress Migration Plugin <= 1.0 - CSRF
Because of this vulnerability in deanspermalinksmigration.php, attackers can modify the oldstructure configuration setting. Solution: Update the plugin...
WordPress fGallery Plugin <= 2.4.1 - SQL Injection
Because of this vulnerability in fimrss.php, attackers can execute arbitrary SQL commands via the "album" parameter. Solution: Update the plugin...
WordPress FileManager Plugin <= 1.2 - Arbitrary File Upload
Because of this vulnerability in ajaxfilemanager.php, attackers can upload and execute arbitrary PHP code via unspecified vectors. Solution: Update the plugin...
WordPress <= 2.0.3 - Directory Traversal
Because of this vulnerability in wp-db-backup.php, attackers can read arbitrary files, delete arbitrary files, and cause a denial of service in the "backup" parameter. Solution: Update WordPress...
WordPress <= 2.0.11 - Multiple Vulnerabilities
Because of these vulnerabilities, attackers can obtain sensitive information via an empty value of the "page" parameter to certain PHP scripts under wp-admin/. Solution: Update WordPress...
WordPress <= 2.0.9 - Multiple XSS
Because of these vulnerabilities, attackers can inject arbitrary web script or HTML. Solution: Update WordPress...
WordPress BackUpWordPress Plugin <= 0.4.2 - Remote File Inclusion
Because of this vulnerability, attackers can execute arbitrary PHP code via a URL in the "bkpwppluginpath" parameter. Solution: Update the plugin...
WordPress <= 2.2.1 - SQL Injection
Because of this vulnerability in options.php, authenticated administrators can execute arbitrary SQL commands via the "pageoptions" parameter. Solution: Update WordPress...
WordPress Default Theme <= 2.2 - XSS
Because of this vulnerability, authenticated administrators can inject arbitrary web script or HTML. Solution: Update the theme...
WordPress Vistered Little Theme - XSS
Because of this vulnerability in 404.php, attackers can inject arbitrary web script or HTML via the URI REQUEST_URI that accesses index.php. Solution: Update the theme...
WordPress <= 2.1.2 - Cross Site Scripting
Because of this vulnerability in an mt import in wp-admin/admin.php, authenticated administrators can inject arbitrary web script or HTML via the "demo" parameter. Solution: Update WordPress to the latest available version, at least 2.1.3...
WordPress <= 2.1.1 - Multiple XSS
Because of these vulnerabilities in wp-includes/functions.php, attackers can inject arbitrary web script or HTML. Solution: Update WordPress to the latest available version, at least 2.1.2...
WordPress <= 2.1.0 - XSS
Because of this vulnerability, attackers can inject arbitrary web script or HTML via the "file" parameter. Solution: Update WordPress to the latest available version, at least 2.1.1...
WordPress <= 2.0.0 - Cross Site Scripting
Because of this vulnerability, attackers can inject arbitrary web script or HTML via scriptable attributes such as onfocus and onblur in the "author's website" field. Solution: Update WordPress to the latest available version, at least 2.0.1...
WordPress <= 1.5.1 - Multiple Vulnerabilities
Because of these vulnerabilities, attackers can obtain sensitive information via a direct request to wp-admin/upgrade-functions.php, wp-includes/vars.php, wp-admin/edit-form.php, wp-content/plugins/hello.php, wp-settings.php or wp-admin/edit-form-comment.php. Solution: Update WordPress to...
WordPress <= 1.5.1.2 - Multiple Vulnerabilities #1
Because of these vulnerabilities in wp-login.php, attackers can change the content of the forgotten password e-mail message via the message variable, which is not initialized before use. Solution: Update WordPress to the latest available version, at least 1.5.1.3...
WordPress <= 1.5.1.2 - Multiple Vulnerabilities #2
Because of these vulnerabilities, attackers can obtain sensitive information via a direct request to menu-header.php or a value in the "feed" parameter to wp-atom.php. Solution: Update WordPress to the latest available version, at least 1.5.1.3...
WordPress The7 — Website and eCommerce Builder for WordPress theme <= 14.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by João Pedro Soares de Alcântara - Kinorth in WordPress Theme The7 versions <= 14.3.2...
WordPress WPC Badge Management for WooCommerce plugin <= 3.1.6 - Authenticated (Shop Manager+) Stored Cross-Site Scripting vulnerability
Authenticated Shop Manager+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin WPC Badge Management for WooCommerce versions <= 3.1.6...
WordPress Contest Gallery plugin <= 28.1.6 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Contest Gallery versions <= 28.1.6...
WordPress All-in-One Video Gallery plugin <= 4.5.7 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin All-in-One Video Gallery versions <= 4.5.7...