46681 matches found
WordPress Custom Community Theme <= 2.0.24 - Stored XSS
Because of this vulnerability, any user can perform a stored XSS attack. Solution Update the theme...
WordPress Audio Player Plugin <= 2.0 - Multiple SQL Injection
Because of these vulnerabilities, the administrators can execute arbitrary SQL commands via the "itemid" parameter in the wonderpluginaudioshowitem. Also, an authenticated user can execute arbitrary SQL commands via the "itemid" parameter in a wonderpluginaudiosaveitem action to...
WordPress JS Multi Hotel Plugin <= 2.2.1 - XSS
Because of this cross site scripting vulnerability in includes/deleteimg.php, the attackers can inject arbitrary web script or HTML via the "path" parameter. Solution Update the plugin...
WordPress Unconfirmed Plugin <= 1.2.4 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "s" parameter. Solution Update the plugin...
WordPress JS Multi Hotel Plugin <= 2.2.1 - XSS
Because of this vulnerability in includes/refreshDate.php, the attackers can inject arbitrary web script or HTML via the "roomid" parameter. Solution Update the plugin...
WordPress All In One WP Security & Firewall Plugin <= 3.8.9 - CSRF
Because of this vulnerability, attackers can hijack the authentication of administrators for requests that delete logs of 404 HTTP status codes. Solution Update the plugin...
WordPress All In One WP Security & Firewall Plugin <= 3.8.7 - SQL Injection
Because of this SQL Injection vulnerability, attackers can execute arbitrary SQL commands via unspecified vectors. Solution Upgrade the plugin...
WordPress Cart66 Lite Plugin <= 1.5.3 - SQL Injection
This vulnerability allows authenticated users to execute arbitrary SQL commands via the "q" parameter in a promotionProductSearch action to wp-admin/admin-ajax.php. Solution Update the plugin...
WordPress Twitter LiveBlog Plugin <= 1.1.2 - CSRF and XSS
Because of these cross site request forgery vulnerabilities, the attackers can hijack the authentication of administrators for requests. In that way they can change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution Update the plugin...
WordPress TweetScribe Plugin <= 1.1 - CSRF and XSS
Because of these cross site request forgery vulnerabilities, the attackers can hijack the authentication of administrators for requests. In that way they can change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution Update the plugin...
WordPress wpCommentTwit Plugin <= 0.5 - Multiple CSRF and XSS
Because of these cross site request forgery vulnerabilities, the attackers can hijack the authentication of administrators for requests. In that way they can change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution This plugin is closed...
WordPress Captcha Plugin <= 4.0.6 - BYPASS
Because of this vulnerability, remote attackers can bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors. Solution Update the plugin...
WordPress WPDataTables Plugin 1.5.3 - SQL Injection
This WordPress WPDataTables plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Upgrade the plugin...
WordPress <= 4.0.0 - XSS #3
Because of this vulnerability in the "media-playlists" function, the attackers can inject arbitrary web script or HTML via unspecified vectors. Related records: http://db.threatpress.com/vulnerability/wordpress/wordpress-4-0-0-xss...
WordPress Spreadsheet Plugin <= 0.62 - XSS
Because of this vulnerability in sshandler.php, the attackers can inject arbitrary web script or HTML via the "ssid" parameter. Solution Update the plugin...
WordPress Enfold Theme <= 3.0.0 - Unspecified Vulnerability
Because of this vulnerability in the folder framework, this theme has unknown impact and attack vectors. Solution Update the theme...
WordPress EWWW Image Optimizer Cloud Plugin <= 2.0.1 - XSS
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...
WordPress Easy MailChimp Forms Plugin <= 5.0.6 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the updateoptions action to wp-admin/admin-ajax.php. Solution Update the plugin...
WordPress NEX-Forms Lite Plugin <= 2.1.0 - Multiple XSS
Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML via the "formfields" parameter. Solution Update the plugin...
WordPress Contact Form DB Plugin <= 2.8.15 - Multiple XSS
Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML via the "form" or "enc" parameter. Solution Update the plugin...
WordPress Titan Framework Plugin <= 1.5 - Multiple XSS
Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML via the "t" parameter to iframe-googlefont-preview.php or the "text" parameter to iframe-font-preview.php. Solution Update the plugin...
WordPress Huge IT Image Gallery Plugin 1.0.1 - Authenticated SQL Injection
An authenticated SQL injection allows an attacker to bypass a web application’s authentication mechanism and retrieve the contents of the database. Solution Upgrade the plugin...
WordPress Content Audit Plugin <= 1.6.0 - SQL Injection
SQL injection vulnerability in content-audit-schedule.php in the Content Audit plugin before 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "Audited content types" option in the content-audit page to wp-admin/options-general.php. Solution Update the plugin...
WordPress SI CAPTCHA Plugin <= 2.7.4 - XSS
Because of this vulnerability in captcha-secureimage/test/index.php, the attackers can inject arbitrary web script or HTML via the PATHINFO. Solution Update the plugin...
WordPress Simple Retail Menus Plugin <= 4.0 - SQL Injection
Because of this vulnerability in includes/mode-edit.php, remote authenticated editors can execute arbitrary SQL commands in an edit action to wp-admin/admin.php via the "targetmenu" parameter. Solution Update the plugin...
WordPress Quartz Plugin <= 1.01.1 - SQL Injection
Because of this vulnerability, remote authenticated users can execute arbitrary SQL commands in an edit action in the quartz/quoteform.php page to wp-admin/edit.php via the "quote" parameter. Solution Update the plugin...
WordPress ZooEffect Plugin <= 1.08 - Reflected XSS
This plugin is prone to an HTTP referer reflected cross site scripting vulnerability. Solution Update the plugin...
WordPress Vitamin Plugin <= 1.0.9 - Multiple Directory Traversal
Because of these vulnerabilities, the attackers can access arbitrary files via the "path" parameter. Solution Update the plugin...
WordPress FB Gorilla Plugin - SQL Injection
This WordPress FB Gorilla plugin's "gameplay.php" is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Upgrade the plugin...
WordPress Gallery Objects Plugin 0.4 - SQL Injection
This WordPress Gallery Objects plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Update the plugin...
WordPress WP Ultimate Email Marketer Plugin <= 1.1.0 - XSS
Because of these vulnerabilities in contact/edit.php, the attackers can inject arbitrary web script or HTML via the "contact" or "listname" parameter. Solution Update the plugin...
WordPress Silverlight Media Player Plugin <= 0.8 - XSS
Because of this vulnerability in uploader.php, the attackers can inject arbitrary web script or HTML via the "postid" parameter. Solution Update the plugin...
WordPress Video Posts Webcam Recorder Plugin <= 1.55.4 - XSS
Because of this vulnerability in posts/videowhisper/rlogout.php, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...
WordPress CBI Referral Manager Plugin <= 1.2.1 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "searchString" parameter. Solution Update the plugin...
WordPress BIC Media Widget Plugin <= 1.0 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "param" parameter. Solution Update the plugin...
WordPress Verification Code for Comments Plugin <= 2.1.0 - Multiple XSS
Because of these vulnerabilities in vcc.js.php, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...
WordPress WP Plugin Manager Plugin <= 1.6.4.b - XSS
Because of this vulnerability in wp-plugins-net/index.php, the attackers can inject arbitrary web script or HTML via the "filter" parameter. Solution Update the plugin...
WordPress WP FaceThumb Plugin <= 1.0 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "ajaxurl" parameter to index.php. Solution Update the plugin...
WordPress Responsive Preview Plugin <= 1.1 - XSS
Because of this vulnerability in index.php, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...
WordPress Tera Charts Plugin - Remote Path Traversal File Disclosure
Tera Charts plugin's zoomabletreemap.php "fn" parameter is prone to a remote path traversal file disclosure vulnerability that allows an attacker to get potentially sensitive information. Other attacks are also possible. Solution Update the plugin...
WordPress Contact Bank Plugin <= 2.0.19 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the Label field, related to form layout configuration. Solution Update the plugin...
WordPress File Gallery Plugin <= 1.7.9.1 - Arbitrary Code Execution
This plugin does not properly escape strings, which allows remote administrators to execute arbitrary PHP code. Solution Update the plugin...
WordPress <= 3.0.0
A WordPress multi-site installation permanently retains the "site administrators can add users" option once changed, which might allow authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an "add" action after a temporary change. Solution Update...
WordPress Newsletter Manager Plugin <= 1.0.1 - Multiple XSS
Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...
WordPress Recommend To a Friend Plugin <= 2.0.2 - XSS
Because of this vulnerability in inc/rafform.php, the attackers can inject arbitrary web script or HTML via the "currenturl" parameter. Solution Update the plugin...
WordPress 2.0.11 - Cross Site Request Forgery
WordPress version 2.0.11 is prone to a cross site request forgery via "/wp-admin/options-discussion.php". It allows an attacker to perform certain unauthorized actions in the context of the affected application. Solution Update WordPress...
WordPress Blue Wrench Video Widget Plugin - Cross Site Request Forgery
WordPress Blue Wrench Video Widget plugin is prone to a cross-site request forgery vulnerability. It allows an attacker to gain unauthorized access to the affected application by performing certain actions in the context of an authorized user's session. Solution Upgrade the plugin...
WordPress WP Photo Album Plus Plugin <= 5.0.2 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "commentid" parameter in a wppamanagecomments edit action. Solution Update the plugin...
WordPress Dropdown Menu Widget Plugin <= 1.7.1 - CSRF and XSS
Because of this vulnerability, the attackers can hijack the authentication of arbitrary users for requests that insert cross-site scripting sequences. Solution Update the plugin...
WordPress WP MailUp Plugin <= 1.3.1 - BYPASS
Because of this vulnerability, the attackers can modify plugin settings and conduct cross-site scripting attacks via unspecified vectors. Solution Update the plugin...