WordPress WP Support Plus Responsive Ticket System Plugin 2.0 - Multiple Vulnerabilities
This plugin has four vulnerabilities: 1. SQL injection. 2. Full path disclosure: after a file is uploaded, its full filesystem path is shown to the user. 3. Directory traversal that allows downloading any file from the server. 4. Broken authentication...
WordPress WP Ban Plugin <= 1.6.3 - BYPASS
This vulnerability lets an attacker bypass the IP blacklist with a crafted X-Forwarded-For header, since the plugin takes that client-controlled header as the visitor's address. Solution Update the plugin...
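The bypass above works against any ban check that reads X-Forwarded-For as if it were the connecting address. The following is an added example, written in Python rather than the plugin's PHP so it runs stand-alone, and it is not code from the WP Ban plugin or from this listing. It contrasts the naive lookup with one that only honours the header when the direct peer is a known proxy and walks the chain from the right. The proxy range, the ban list and the request addresses are constructed sample data.

```python
import ipaddress

# Constructed sample data (assumption): the reverse proxies this site sits behind,
# and the ban list an administrator has configured in the plugin.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]
BANLIST = ["203.0.113.0/24"]


def naive_client_ip(remote_addr, headers):
    """The bypassable pattern: believe X-Forwarded-For whenever it is present.

    Any client can send this header, so a banned host simply names another
    address in it and the ban check looks at that address instead of its own.
    """
    xff = headers.get("X-Forwarded-For", "")
    if xff.strip():
        return xff.split(",")[0].strip()
    return remote_addr


def hardened_client_ip(remote_addr, headers, trusted_proxies=TRUSTED_PROXIES):
    """Only consult X-Forwarded-For when the direct peer is one of our proxies.

    Proxies append the address they received the request from, so the chain is
    walked from the right: every hop that is a trusted proxy is discarded, and
    the first hop that is not is the real client. A peer that is not a trusted
    proxy is the client itself, whatever the header says.
    """
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]
    for hop in reversed(hops + [remote_addr]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            # A malformed hop means the chain is untrustworthy: fall back to the
            # socket peer rather than to anything the client wrote.
            return remote_addr
        if not any(addr in net for net in trusted_proxies):
            return str(addr)
    # Every hop was one of our own proxies; nothing better than the peer is known.
    return remote_addr


def is_banned(ip, banlist=BANLIST):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(entry) for entry in banlist)


def ban_decisions(remote_addr, headers):
    """Return (naive_decision, hardened_decision) for one request."""
    return (is_banned(naive_client_ip(remote_addr, headers)),
            is_banned(hardened_client_ip(remote_addr, headers)))
```

If the site is not behind a proxy at all, the trusted list should be empty, and the hardened function then always returns the socket peer address.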
WordPress Huge IT Image Gallery Plugin 1.0.1 - Authenticated SQL Injection
An attacker who already has an account on the site can inject SQL through this plugin and retrieve the contents of the database. Solution Upgrade the plugin...
WordPress Mobile Pack Plugin <= 2.0.1 - Information Disclosure
This vulnerability lets attackers obtain sensitive information via an exportarticles action to export/content.php. Solution Update the plugin...
WordPress Disqus Plugin 2.7.5 - Admin Stored CSRF and XSS
The Disqus plugin is prone to CSRF and stored XSS vulnerabilities in its admin pages. Solution Update the plugin...
WordPress Zedity Plugin <= 2.4.0 - Cross Site Scripting
This vulnerability lets attackers inject arbitrary JavaScript or HTML code. Solution Upgrade the plugin...
WordPress FB Gorilla Plugin - SQL Injection
The FB Gorilla plugin's "gameplay.php" is prone to SQL injection. An attacker can read or modify data, compromise the application and its access controls, or exploit further weaknesses in the underlying database. Solution Upgrade the plugin...
WordPress Vitamin Plugin <= 1.0.9 - Multiple Directory Traversal
These vulnerabilities let attackers access arbitrary files via the "path" parameter. Solution Update the plugin...
WordPress Meta Slider Plugin <= 2.5 - XSS
This vulnerability lets attackers inject arbitrary web script or HTML via the "id" parameter to wp-admin/admin.php. Solution Update the plugin...
WordPress BSK PDF Manager Plugin - Multiple SQL Injection Vulnerabilities
The BSK PDF Manager plugin's "wp-admin/admin.php" is prone to multiple SQL injection vulnerabilities that allow an attacker to compromise the application, read or modify data, and exploit further weaknesses in the underlying database. Solution Update the plugin...
WordPress Simple Share Buttons Adder Plugin 4.4 - Multiple Vulnerabilities
The Simple Share Buttons Adder plugin is prone to CSRF and XSS vulnerabilities that can be exploited by convincing an admin to visit a link of the attacker's choosing. Solution Update to version 4.5...
WordPress Malware Finder Plugin <= 1.1 - XSS
This vulnerability in process.php lets attackers inject arbitrary web script or HTML via the "query" parameter. Solution Update the plugin...
WordPress OMFG Mobile Pro Plugin <= 1.1.26 - XSS
This vulnerability in shortcode-generator/preview-shortcode-external.php lets attackers inject arbitrary web script or HTML. Solution Update the plugin...
WordPress Silverlight Media Player Plugin <= 0.8 - XSS
This vulnerability in uploader.php lets attackers inject arbitrary web script or HTML via the "postid" parameter. Solution Update the plugin...
WordPress WP Plugin Manager Plugin <= 1.6.4.b - XSS
This vulnerability in wp-plugins-net/index.php lets attackers inject arbitrary web script or HTML via the "filter" parameter. Solution Update the plugin...
WordPress WP Ultimate Email Marketer Plugin <= 1.1.0 - XSS
These vulnerabilities in contact/edit.php let attackers inject arbitrary web script or HTML via the "contact" or "listname" parameter. Solution Update the plugin...
WordPress Video Posts Webcam Recorder Plugin <= 1.55.4 - XSS
This vulnerability in posts/videowhisper/rlogout.php lets attackers inject arbitrary web script or HTML. Solution Update the plugin...
WordPress Tera Charts Plugin - Remote Path Traversal File Disclosure
The Tera Charts plugin's zoomabletreemap.php is prone to a path traversal file disclosure vulnerability via its "fn" parameter, which lets a remote attacker read potentially sensitive files. Other attacks are also possible. Solution Update the plugin...
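The Tera Charts "fn" parameter and the Vitamin "path" parameter above are the same bug: a file name taken from the request is joined onto a directory without checking that the result stays inside it. The following is an added example, not code from either plugin or from this listing, written in Python so it runs stand-alone. It shows the vulnerable join next to a confinement check that decodes once, rejects NUL bytes, resolves symlinks and ".." with realpath, and then requires the result to remain under the root. The download root and the file names are constructed sample values; the directory does not need to exist.

```python
import os
import urllib.parse

# Constructed download root (assumption): the directory the plugin is meant to
# serve chart files from. It need not exist for the path logic to run.
DOWNLOAD_ROOT = "/srv/wp/wp-content/uploads/charts"


def naive_path(fn, root=DOWNLOAD_ROOT):
    """The vulnerable pattern: glue the user-supplied name onto the root.
    Decoded '../' segments survive, so the result can point anywhere on disk."""
    return os.path.normpath(os.path.join(root, urllib.parse.unquote(fn)))


def confined_path(fn, root=DOWNLOAD_ROOT):
    """Resolve fn inside root, or return None if it would escape.

    Decodes exactly once (decoding twice re-opens %252e%252e tricks), rejects
    NUL bytes that truncate paths at the C level, strips a leading slash so an
    absolute name cannot replace the root, resolves symlinks and '..' with
    realpath, then requires the result to still lie under the root.
    """
    base = os.path.realpath(root)
    name = urllib.parse.unquote(fn)
    if "\x00" in name:
        return None
    candidate = os.path.realpath(os.path.join(base, name.lstrip("/\\")))
    # commonpath, not startswith: "/charts2/x" starts with "/charts" as a string
    # but is not inside it as a path.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate
```

A plugin that only serves a fixed set of files does better still by mapping an opaque identifier to a file name server-side and never accepting a path from the request at all.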
WordPress iMember360 Plugin <= 3.9.001 - Disclosure of Database Credentials
This vulnerability lets attackers obtain database credentials via the "i4wdbinfo" parameter. Solution Update the plugin...
WordPress Search Everything Plugin <= 8.1.0 - CSRF
This vulnerability lets attackers hijack the authentication of unspecified victims via unknown vectors. Solution Update the plugin...
WordPress TinyMCE Color Picker Plugin <= 1.1 - CSRF
This vulnerability lets attackers hijack the authentication of unspecified users for requests that change plugin settings, via unknown vectors. Solution Update the plugin...
WordPress 2.0.11 - Cross Site Request Forgery
WordPress 2.0.11 is prone to cross-site request forgery via "/wp-admin/options-discussion.php", which allows an attacker to perform unauthorized actions in the context of the affected application. Solution Update WordPress...
WordPress Blue Wrench Video Widget Plugin - Cross Site Request Forgery
The Blue Wrench Video Widget plugin is prone to a cross-site request forgery vulnerability that allows an attacker to perform actions in the affected application in the context of a logged-in user's session. Solution Upgrade the plugin...
WordPress Comment Attachment Plugin <= 1.0 - XSS
This vulnerability lets attackers inject arbitrary web script or HTML via the "Attachment field title". Solution Update the plugin...
WordPress One Webmaster Plugin <= 8.2.3 - CSRF
This vulnerability lets attackers hijack the authentication of arbitrary users for requests that insert cross-site scripting sequences. Solution Update the plugin...
WordPress Facebook Members Plugin <= 5.0.4 - CSRF
This vulnerability lets attackers hijack the authentication of administrators for requests that modify the plugin's settings. Solution Update the plugin...
WordPress Simple Paypal Shopping Cart Plugin <= 3.5 - CSRF
This vulnerability lets attackers hijack the authentication of administrators for requests that change plugin settings. Solution Update the plugin...
WordPress LeagueManager Plugin 3.8 - SQL Injection
The LeagueManager plugin is prone to SQL injection in the "leagueid" parameter of a function call made by the leaguemanagerexport page. This vulnerability allows an attacker to modify data, alter the application's SQL queries, compromise the application and its access controls, or exploit...
WordPress Ripe HD FLV Player Plugin - SQL Injection
The Ripe HD FLV Player plugin is prone to an SQL injection vulnerability that allows an attacker to access the database, obtain usernames and passwords, and disclose the full installation path. Solution Update the plugin...
WordPress Connections Plugin <= 0.7.1.5 - Unspecified vulnerability
The impact and attack vectors of this vulnerability are not specified. Solution Update the plugin...
WordPress Mingle Forum Plugin <= 1.0.34 - Multiple XSS
These vulnerabilities let attackers inject arbitrary web script or HTML. Solution Update the plugin...
WordPress SCORM Cloud Plugin <= 1.0.6 - SQL Injection
This vulnerability in ajax.php lets attackers execute arbitrary SQL commands via the "active" parameter. Solution Update the plugin...
WordPress Pay With Tweet Plugin <= 1.1 - SQL Injection
This vulnerability lets authenticated users execute arbitrary SQL commands via the "id" parameter. Solution Update the plugin...
WordPress Mingle Forum Plugin <= 1.0.32 - Multiple SQL Injection #1
These vulnerabilities let authenticated users execute arbitrary SQL commands via the "editforumid" parameter in an editsaveforum action, the "id" parameter to fs-admin/fs-admin.php, or the "memberid" parameter in a removemember action. Solution Update the plugin...
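Most of the SQL injection entries on this page (SCORM Cloud, Pay With Tweet and Mingle Forum above, and the "id"- and "u"-parameter cases elsewhere in the list) share one root cause: a request parameter is concatenated into a query string. The following is an added example, not code from any of these plugins or from this listing. It uses Python's sqlite3 as a stand-in for the MySQL queries the plugins run through $wpdb (the injection mechanics are identical) and shows a string-built lookup beside the bound-parameter version; the table and rows are constructed sample data.

```python
import sqlite3


def build_db():
    """Constructed in-memory stand-in for a plugin table (assumption): the real
    plugins query MySQL through $wpdb, but the injection mechanics are the same."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE forum (id INTEGER PRIMARY KEY, name TEXT, private INTEGER)")
    db.executemany("INSERT INTO forum VALUES (?, ?, ?)",
                   [(1, "General", 0), (2, "Staff only", 1), (3, "Audit log", 1)])
    return db


def public_forum_vulnerable(db, forum_id):
    """String-built query: whatever arrives in the id parameter becomes SQL, so the
    'private = 0' guard can be neutralised or a UNION can pull other rows."""
    sql = "SELECT id, name FROM forum WHERE private = 0 AND id = " + forum_id
    return db.execute(sql).fetchall()


def public_forum_fixed(db, forum_id):
    """Coerce the parameter to the expected type and bind it; the driver never
    interprets the value as SQL. In WordPress code the equivalent is absint() on
    the input plus $wpdb->prepare() with a %d placeholder."""
    try:
        fid = int(forum_id)
    except (TypeError, ValueError):
        return []
    return db.execute(
        "SELECT id, name FROM forum WHERE private = 0 AND id = ?", (fid,)
    ).fetchall()
```

The "1 OR 1=1" payload defeats the private-row guard because AND binds tighter than OR, and the UNION payload reads the private rows directly; the bound version returns nothing for either, because neither string is an integer.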
WordPress Pretty Link Lite Plugin <= 1.5.3 - XSS
This vulnerability in pretty-bar.php lets attackers inject arbitrary web script or HTML via the "slug" parameter. Solution Update the plugin...
WordPress DVS Custom Notification Plugin <= 1.0.1 - Multiple CSRF and XSS
These vulnerabilities let attackers hijack the authentication of administrators for requests that conduct cross-site scripting attacks or change application settings. Solution Update the plugin...
WordPress 2 Click Social Media Buttons Plugin <= 0.33 - XSS
This vulnerability in libs/xing.php lets attackers inject arbitrary web script or HTML via the "xing-url" parameter. Solution Update the plugin...
WordPress Chenpress Plugin - Arbitrary File Upload
The Chenpress plugin is prone to an arbitrary file upload vulnerability that allows an attacker to upload arbitrary files to the affected server. Solution Update the plugin...
WordPress Login With Ajax Plugin <= 3.0.4.0 - XSS #2
This vulnerability in login-with-ajax.php lets attackers inject arbitrary web script or HTML via the "callback" parameter. Solution Update the plugin...
WordPress Soundcloud Is Gold 2.1 - Cross Site Scripting
The Soundcloud Is Gold plugin's "width" parameter is prone to a cross-site scripting vulnerability because the plugin fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can...
WordPress Recent Comments Plugin <= 2.0.6 - XSS
This vulnerability in core.php lets attackers inject arbitrary web script or HTML via the "page" parameter. Solution Update the plugin...
WordPress Count per Day Plugin - Multiple Vulnerabilities
The Count per Day plugin is prone to multiple vulnerabilities, including XSS, and an attacker could call a remote script to download arbitrary files from the target system. Solution Update the plugin...
WordPress ZenLite Theme <= 4.3 - XSS
This vulnerability lets attackers inject arbitrary web script or HTML via the "s" parameter. Solution Update the theme...
WordPress AllWebMenus Plugin 1.1.3 - Remote File Inclusion
The AllWebMenus plugin is prone to a remote file inclusion vulnerability that allows an attacker to include a remote file and gain access to the server. Solution Update the plugin...
WordPress Crawl Rate Tracker Plugin <= 2.0.2 - SQL Injection
The Crawl Rate Tracker plugin is prone to SQL injection. This vulnerability allows an attacker to modify data, alter the application's SQL queries, compromise the application and its access controls, or exploit further weaknesses in the underlying database. Solution Upgrade the plugin...
WordPress <= 3.1.2 - Clickjacking Attacks
This WordPress version does not prevent its admin and login pages from being rendered inside a frame in a third-party HTML document, which lets attackers conduct clickjacking attacks via a crafted web site. Solution Update WordPress...
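Whether a page can be framed by another origin is decided by two response headers, and a check of wp-login.php and wp-admin/ responses is the quickest way to confirm this finding on a live site. The following is an added example, not code from WordPress or from this listing, written in Python. It classifies a set of response headers as frameable or not, giving precedence to a Content-Security-Policy frame-ancestors directive over X-Frame-Options as browsers do, and runs the check over a constructed set of sample responses.

```python
def frameable_by_third_party(headers):
    """Return True if a response with these headers can be framed by another origin.

    A Content-Security-Policy frame-ancestors directive, when present, is what
    browsers honour (X-Frame-Options is then ignored); otherwise X-Frame-Options
    DENY or SAMEORIGIN is what stops third-party framing. Header names are
    matched case-insensitively.
    """
    lower = {k.lower(): v for k, v in headers.items()}
    for directive in lower.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = {s.strip("'").lower() for s in parts[1:]}
            # 'none', 'self' and explicit origins all exclude arbitrary sites
            # (an empty source list means 'none'); '*' or a bare scheme such as
            # https: lets any site using that scheme frame the page.
            return "*" in sources or bool(sources & {"http:", "https:"})
    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return False
    # Header absent, ALLOW-FROM (no longer supported by browsers), or an unknown value.
    return True


def clickjacking_audit(responses):
    """responses: {path: headers}. Returns the paths a crafted third-party page
    could frame; for wp-login.php and wp-admin/ that is the finding."""
    return [path for path, headers in responses.items() if frameable_by_third_party(headers)]


# Constructed responses (assumption) for the page types the advisory names.
SAMPLE_RESPONSES = {
    "/wp-login.php": {"Content-Type": "text/html"},
    "/wp-admin/": {"X-Frame-Options": "SAMEORIGIN"},
    "/wp-admin/options.php": {"content-security-policy": "default-src 'self'; frame-ancestors 'none'"},
    "/wp-admin/widgets.php": {"X-Frame-Options": "DENY", "Content-Security-Policy": "frame-ancestors *"},
}
```

The last sample shows why the precedence matters: a DENY header gives no protection once a CSP on the same response allows every ancestor.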
WordPress Custom Pages Plugin 0.5.0.1 - Local File Inclusion
This vulnerability can be exploited to include arbitrary local files. Solution Update the plugin...
WordPress FeedList Plugin 2.61.01 - Cross-Site Scripting Vulnerability
The FeedList plugin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal cookie-based authentication...
WordPress cache_lastpostdate - Arbitrary Code Execution
WordPress 1.5.1.3 and earlier are remotely exploitable if the web server runs PHP with register_globals enabled. Public Perl exploit code automates the attack against vulnerable 1.5.1.3 sites and lets the attacker attempt to execute code. Solution Update WordPress...
WordPress Simple Forum Plugin - SQL Injection
This vulnerability in ahah/sf-profile.php lets attackers execute arbitrary SQL commands via the "u" parameter. Solution Update the plugin...
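Each entry in this listing names a plugin and, for most, an affected version bound such as "<= 1.6.3" or an exact version such as "2.0". The following is an added example, not a tool from this listing or from any plugin author, written in Python. It reads the "Plugin Name:" and "Version:" fields from a plugin's main-file header comment (the standard WordPress header format), compares the version against a constraint written the way this page writes them, and reports matches for a constructed set of installed plugins. The advisory subset and the sample headers are constructed from entries on this page; the version ordering rule is an assumption stated in the code.

```python
import re

# Constructed subset of the entries on this page (assumption: the plugin's
# "Plugin Name:" header matches the name shown in the listing title).
ADVISORIES = [
    ("WP Ban", "<= 1.6.3", "IP blacklist bypass via X-Forwarded-For"),
    ("Zedity", "<= 2.4.0", "Cross Site Scripting"),
    ("Meta Slider", "<= 2.5", "XSS via id parameter"),
    ("Simple Share Buttons Adder", "4.4", "CSRF and XSS, fixed in 4.5"),
    ("Huge IT Image Gallery", "1.0.1", "Authenticated SQL Injection"),
    ("Search Everything", "<= 8.1.0", "CSRF"),
    ("FB Gorilla", None, "SQL injection in gameplay.php (no version given)"),
]

HEADER_RE = re.compile(r"^\s*\*?\s*(Plugin Name|Version)\s*:\s*(.+?)\s*$", re.M)
OP_RE = re.compile(r"^\s*(<=|<|>=|>|=)?\s*([\w.\-]+)\s*$")


def parse_plugin_header(text):
    """Read the name and version from a plugin's main-file header comment."""
    fields = {m.group(1): m.group(2) for m in HEADER_RE.finditer(text)}
    return fields.get("Plugin Name"), fields.get("Version")


def version_key(v):
    """Sort key for dotted versions. Numeric segments compare as numbers (so
    1.10 > 1.9); a letter segment sorts below any number in the same slot, and a
    longer version with an equal prefix counts as newer (so 1.6.4.b > 1.6.4).
    That ordering is an assumption of this example; a production checker should
    mirror PHP's version_compare(), which WordPress itself uses."""
    return [(1, int(seg)) if seg.isdigit() else (0, seg.lower())
            for seg in re.split(r"[.\-_]", v.strip())]


def is_affected(installed, constraint):
    """constraint uses the listing's forms: '<= 1.6.3', '< 3.1.3' or a bare
    exact version such as '2.0'. None means the listing gives no version, so
    every installed version is flagged for manual review."""
    if constraint is None:
        return True
    op, ver = OP_RE.match(constraint).groups()
    a, b = version_key(installed), version_key(ver)
    return {"<=": a <= b, "<": a < b, ">=": a >= b, ">": a > b,
            "=": a == b, None: a == b}[op]


def check_plugins(plugin_files, advisories=ADVISORIES):
    """plugin_files: iterable of plugin header texts. Returns (name, version,
    note) for every installed plugin matched by an advisory."""
    hits = []
    for text in plugin_files:
        name, version = parse_plugin_header(text)
        if not name or not version:
            continue
        for adv_name, constraint, note in advisories:
            if adv_name.lower() == name.lower() and is_affected(version, constraint):
                hits.append((name, version, note))
    return hits


# Constructed sample headers (assumption) as found at the top of a plugin's main file.
SAMPLE_HEADERS = [
    "<?php\n/*\nPlugin Name: WP Ban\nVersion: 1.6.3\n*/\n",
    "<?php\n/**\n * Plugin Name: Meta Slider\n * Version: 2.10\n */\n",
    "<?php\n/*\nPlugin Name: Simple Share Buttons Adder\nVersion: 4.5\n*/\n",
    "<?php\n/*\nPlugin Name: FB Gorilla\nVersion: 1.0\n*/\n",
]
```

On a real install the header texts come from reading each wp-content/plugins/*/ main file; the Meta Slider sample is there to show that 2.10 is correctly treated as newer than 2.5 rather than compared as a decimal.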