
46681 matches found

Patchstack • added 2013/02/12 12:0 a.m. • 19 views

WordPress Lazyest Backup Plugin <= 0.2.1 - XSS

Because of this vulnerability in lazyest-backup.php, the attackers can inject arbitrary web script or HTML via the "xmlorall" parameter. Solution: Update the plugin...

CVSS 4.3 | AI score 2.7 | EPSS 0.0224
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2013/01/30 12:0 a.m. • 19 views

WordPress My Calendar Plugin <= 1.10.1 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the PATHINFO. Solution: Update the plugin...

CVSS 2.6 | AI score 2.9 | EPSS 0.02177
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2013/01/11 12:0 a.m. • 19 views

WordPress Connections Plugin <= 0.7.1.5 - Unspecified vulnerability

Because of this vulnerability, this plugin has unknown impact and attack vectors. Solution: Update the plugin...

CVSS 10 | AI score 8.1 | EPSS 0.02607
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack • added 2013/01/02 12:0 a.m. • 19 views

WordPress Mingle Forum Plugin <= 1.0.34 - Multiple XSS

Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML. Solution: Update the plugin...

CVSS 4.3 | AI score 2.3 | EPSS 0.02132
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack • added 2012/11/07 12:0 a.m. • 19 views

WordPress FLV Player Plugin 1.1 - SQL Injection

This WordPress FLV Player plugin's "id" parameter is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution: Update the plugin...

AI score 3.5
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack • added 2012/10/08 12:0 a.m. • 19 views

WordPress Mingle Forum Plugin <= 1.0.32 - Multiple SQL Injection #1

Because of these vulnerabilities, the authenticated users can execute arbitrary SQL commands via the "editforumid" parameter in an editsaveforum action, "id" parameter to fs-admin/fs-admin.php or "memberid" parameter in a removemember action. Solution: Update the plugin...

CVSS 6.5 | AI score 6.3 | EPSS 0.01512
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack • added 2012/09/23 12:0 a.m. • 19 views

WordPress Pretty Link Lite Plugin <= 1.5.3 - XSS

Because of this vulnerability in pretty-bar.php, the attackers can inject arbitrary web script or HTML via the "slug" parameter. Solution: Update the plugin...

CVSS 4.3 | AI score 2.7 | EPSS 0.01668
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2012/09/23 12:0 a.m. • 19 views

WordPress Whois Search Plugin <= 1.4.2.2 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "domain" parameter. Solution: Update the plugin...

CVSS 4.3 | AI score 2.8 | EPSS 0.0224
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2012/09/14 12:0 a.m. • 19 views

WordPress DVS Custom Notification Plugin <= 1.0.1 - Multiple CSRF and XSS

Because of these vulnerabilities, the attackers can hijack the authentication of administrators for requests that conduct cross-site scripting attacks or change application settings. Solution: Update the plugin...

CVSS 6.8 | AI score 3.1 | EPSS 0.00954
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack • added 2012/08/13 12:0 a.m. • 19 views

WordPress 2 Click Social Media Buttons Plugin <= 0.33 - XSS

Because of this vulnerability in libs/xing.php, the attackers can inject arbitrary web script or HTML via the "xing-url" parameter. Solution: Update the plugin...

CVSS 4.3 | AI score 2.7 | EPSS 0.0578
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2012/08/13 12:0 a.m. • 19 views

WordPress Bad Behavior Plugin <= 2.2.4 - Multiple XSS

Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML. Solution: Update the plugin...

CVSS 4.3 | AI score 1.8 | EPSS 0.02046
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2012/08/08 12:0 a.m. • 19 views

WordPress Postie Plugin 1.4.3 - Stored XSS

WordPress Postie plugin is prone to a stored XSS vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal cookie-based authentication credential...

CVSS 4.3 | AI score 3.2 | EPSS 0.03748
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2012/06/14 12:0 a.m. • 19 views

WordPress <= 3.4.1 - XSS and BYPASS

Because of these vulnerabilities, authenticated users can perform cross-site scripting attacks by leveraging the Administrator or Editor role and composing crafted text and bypass intended access restrictions. Solution: Update WordPress...

CVSS 2.6 | AI score 2.6 | EPSS 0.03103
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack • added 2012/05/15 12:0 a.m. • 19 views

WordPress Soundcloud Is Gold 2.1 - Cross Site Scripting

WordPress Soundcloud Is Gold plugin's "width" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can...

CVSS 4.3 | AI score 2.9 | EPSS 0.0377
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2012/04/26 12:0 a.m. • 19 views

WordPress Zingiri Web Shop Plugin <= 2.4.0 - Multiple XSS Vulnerabilities

Zingiri Web Shop plugin is prone to multiple cross-site scripting vulnerabilities. After the malicious code is posted, JavaScript code is inserted into the database via the "$_POST['notes']" variable. When the administrator wants to see the list of ordered items, the JavaScript code will come from the database and start...

CVSS 4.3 | AI score 1.1 | EPSS 0.05337
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2012/03/31 12:0 a.m. • 19 views

WordPress BuddyPress Plugin 1.5.5 - Remote SQL Injection

BuddyPress plugin is prone to remote SQL injection. This vulnerability allows an attacker to modify data, alter queries to the application SQL database, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution: Update the plugin...

CVSS 7.5 | AI score 3.5 | EPSS 0.03459
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2012/01/06 12:0 a.m. • 19 views

WordPress Pay with Tweet Plugin <= 1.1 - Multiple Vulnerabilities

WordPress Pay with Tweet plugin is prone to a blind SQL injection and XSS vulnerabilities. Solution: Update the plugin...

CVSS 2.6 | AI score 2.1 | EPSS 0.03031
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2011/09/30 12:0 a.m. • 19 views

WordPress RedLine Theme 1.65 - Cross Site Scripting

WordPress RedLine theme's "s" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal cookie-based...

CVSS 4.3 | AI score 2.9 | EPSS 0.03134
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2011/09/30 12:0 a.m. • 19 views

WordPress Black-LetterHead Theme 1.5 - Cross Site Scripting

WordPress Black-LetterHead theme's "index.php" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can...

CVSS 4.3 | AI score 3.1 | EPSS 0.03429
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2011/09/27 12:0 a.m. • 19 views

WordPress ZenLite Theme <= 4.3 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "s" parameter. Solution: Update the theme...

CVSS 4.3 | AI score 2.7 | EPSS 0.01512
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2011/09/24 12:0 a.m. • 19 views

WordPress AdRotate Plugin <= 3.6.5 - SQL Injection

AdRotate plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, alter queries to the application SQL database, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution: Upgrade the plugin...

CVSS 7.5 | AI score 4 | EPSS 0.03066
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2011/09/19 12:0 a.m. • 19 views

WordPress AllWebMenus Plugin 1.1.3 - Remote File Inclusion

AllWebMenus plugin is prone to remote file include vulnerability. It allows an attacker to include a remote file and get access to the server. Solution: Update the plugin...

CVSS 7.5 | AI score 4.3 | EPSS 0.10322
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2011/08/23 12:0 a.m. • 19 views

WordPress Twitter Feed Plugin <= 0.3.1 - XSS

Because of this vulnerability in magpiedebug.php, the attackers can inject arbitrary web script or HTML via the "url" parameter. Solution: Update the plugin...

CVSS 4.3 | AI score 2.8 | EPSS 0.01921
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2011/08/10 12:0 a.m. • 19 views

WordPress <= 3.1.2 - Unspecified vulnerability #2

Because of this vulnerability, there are unknown impact and attack vectors related to "Media security." in this WordPress version. Solution: Update WordPress...

CVSS 10 | AI score 7.4 | EPSS 0.02573
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack • added 2011/02/03 12:0 a.m. • 19 views

WordPress Related Posts Plugin <= 1.0 - Multiple CSRF and XSS

Because of these cross site request forgery vulnerabilities in the configuration screen in wp-relatedposts.php, the attackers can hijack the authentication of administrators for requests that insert cross-site scripting sequences. Solution: Update the plugin...

CVSS 4.3 | AI score 2.6 | EPSS 0.00964
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack • added 2010/12/21 12:0 a.m. • 19 views

WordPress Mediatricks Viva Thumbs Plugin - Multiple Information Disclosure Vulnerabilities

This Mediatricks Viva Thumbs plugin is prone to multiple information-disclosure vulnerabilities. It fails to properly clean up user-supplied input. The attackers may use these issues to confirm the existence of local files outside the WordPress Webroot. The information that they get can be useful...

AI score 2.7
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack • added 2010/12/04 12:0 a.m. • 19 views

WordPress Register Plus Plugin <= 3.5.1 - Multiple XSS

Because of these vulnerabilities in wp-login.php, the attackers can inject arbitrary web script or HTML via the "website", "aim", "yahoo", "jabber", "firstname", "lastname", "about", "pass1", and "pass2" parameters in a register action. Solution: Update the plugin...

CVSS 4.3 | AI score 2.7 | EPSS 0.02142
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2010/11/16 12:0 a.m. • 19 views

WordPress <= 3.0.1 - SQL Injection

Because of this vulnerability, authenticated users can execute arbitrary SQL commands via the Send Trackbacks field. Solution: Update WordPress...

CVSS 6 | AI score 5.8 | EPSS 0.03139
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack • added 2010/02/15 12:0 a.m. • 19 views

WordPress Copperleaf Photolog Plugin 0.16 - SQL injection Vulnerability

This Copperleaf Photolog plugin is prone to an SQL injection vulnerability. It allows the attackers to execute arbitrary SQL commands via the "postid" parameter. Solution: Update the plugin...

CVSS 7.5 | AI score 7.1 | EPSS 0.02818
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2009/11/25 12:0 a.m. • 19 views

WordPress WP-Cumulus <= 1.20 - Vulnerabilities

There are several vulnerabilities in this WordPress WP-Cumulus: cross-site scripting and full path disclosure vulnerabilities. Solution: Update the WordPress...

CVSS 5 | AI score 1.4 | EPSS 0.06392
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2009/10/19 12:0 a.m. • 19 views

JD-WordPress 2.0 RC2 - Remote file inclusion

The vulnerabilities in JD-WordPress allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) wp-comments-post.php, (2) wp-feed.php, or (3) wp-trackback.php. Solution: Update WordPress...

AI score 7.3
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack • added 2009/09/07 12:0 a.m. • 19 views

WordPress NextGEN Gallery Plugin <= 0.96 - XSS

Because of this vulnerability in wp-admin/admin.php, the attackers can inject arbitrary web script or HTML via the picture description field in a page edit action. Solution: Update the plugin...

CVSS 4.3 | AI score 2.7 | EPSS 0.01467
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack • added 2009/07/10 12:0 a.m. • 19 views

WordPress <= 2.7.1 - Information Disclosure

Because of this vulnerability, the attackers can obtain sensitive information by reading the HTML source. Solution: Update WordPress...

CVSS 5 | AI score 1.6 | EPSS 0.02869
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack • added 2009/05/17 12:0 a.m. • 19 views

WordPress e-Commerce Plugin <= 3.4 - Unrestricted File Upload

Because of this vulnerability in imageprocessing.php, the attackers can execute arbitrary code by uploading a file with an executable extension. Solution: Update the plugin...

CVSS 6.8 | AI score 5.8 | EPSS 0.07097
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2009/03/17 12:0 a.m. • 19 views

WordPress fMoblog Plugin 2.1 - SQL Injection Vulnerability

SQL injection vulnerability found in fmoblog.php. An attacker can execute arbitrary SQL commands via the id parameter to index.php. Solution: Upgrade plugin...

CVSS 7.5 | AI score 4.8 | EPSS 0.03582
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack • added 2008/12/30 12:0 a.m. • 19 views

WordPress Page Flip Image Gallery Plugin <= 0.2.2 - Directory Traversal

Because of this vulnerability, the attackers can read arbitrary files via "bookid" parameter. Solution: Update the plugin...

CVSS 4.3 | AI score 4.6 | EPSS 0.05808
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2008/10/24 12:0 a.m. • 19 views

WordPress WP Comment Remix Plugin <= 1.4.3 - XSS

Because of this vulnerability in wpcommentremix.php, the attackers can inject arbitrary web script or HTML. Solution: Update the plugin...

CVSS 4.3 | AI score 1.8 | EPSS 0.02142
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2008/10/21 12:0 a.m. • 19 views

WordPress MU <= 2.5 - XSS

Because of this vulnerability in wp-admin/wp-blogs.php, the attackers can inject arbitrary web script or HTML. Solution: Update WordPress...

CVSS 4.3 | AI score 1.6 | EPSS 0.0381
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2008/05/02 12:0 a.m. • 19 views

WordPress <= 2.5 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via unspecified vectors. Solution: Update WordPress...

CVSS 4.3 | AI score 3 | EPSS 0.02145
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack • added 2008/02/28 12:0 a.m. • 19 views

WordPress Sniplets Plugin <= 1.2.2 - Remote File Inclusion

Because of this vulnerability in modules/syntaxhighlight.php, the attackers can execute arbitrary PHP code via a URL in the "libpath" parameter. Solution: Update the plugin...

CVSS 7.5 | AI score 6.6 | EPSS 0.48329
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack • added 2008/02/05 12:0 a.m. • 19 views

WordPress DMSGuestbook Plugin <= 1.7.0 - Multiple XSS

Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML. Solution: Update the plugin...

CVSS 4.3 | AI score 2.2 | EPSS 0.02662
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2008/01/09 12:0 a.m. • 19 views

WordPress Captcha Plugin <= 2.5 - Multiple XSS

Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML. Solution: Update the plugin...

CVSS 4.3 | AI score 2 | EPSS 0.01854
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2008/01/09 12:0 a.m. • 19 views

WordPress <= 2.3.9 - SQL Injection

Because of this vulnerability, the attackers can obtain sensitive information via an invalid "p" parameter. Solution: Update WordPress...

CVSS 5 | AI score 4.5 | EPSS 0.02576
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack • added 2008/01/09 12:0 a.m. • 19 views

WordPress Contact Form Plugin <= 1.5 - Multiple CSRF

Because of these vulnerabilities, the attackers can perform actions as administrators. Solution: Update the plugin...

CVSS 4.3 | AI score 5.3 | EPSS 0.01273
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2007/09/14 12:0 a.m. • 19 views

WordPress <= 2.2.3 - XSS

The attackers can conduct cross-site scripting (XSS) attacks via modified data to post.php or page.php with a nofilter field. Solution: Update WordPress...

CVSS 4.3 | AI score 4.4 | EPSS 0.01522
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack • added 2007/08/27 12:0 a.m. • 19 views

WordPress MU <= 1.0 - XSS

Because of this vulnerability in wp-newblog.php, the attackers can inject arbitrary web script or HTML via the "weblogid" parameter. Solution: Update WordPress...

CVSS 4.3 | AI score 2.8 | EPSS 0.00893
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack • added 2007/08/07 12:0 a.m. • 19 views

WordPress Unnamed Theme <= 1.217 - XSS

Because of this vulnerability in index.php, the attackers can inject arbitrary web script or HTML via the "s" parameter. Solution: Update the theme...

CVSS 5 | AI score 2.8 | EPSS 0.02075
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack • added 2007/06/14 12:0 a.m. • 19 views

WordPress AndyBlue Theme - XSS

Because of this vulnerability in searchform.php, the attackers can inject arbitrary web script or HTML. Solution: Update the theme...

CVSS 4.3 | AI score 1.7 | EPSS 0.03086
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack • added 2007/05/03 12:0 a.m. • 19 views

WordPress wordTube Plugin <= 1.43 - Remote File Inclusion

Because of this vulnerability, the attackers can execute arbitrary PHP code via a URL in the "wpPATH" parameter. Solution: Update the WordPress wordTube plugin to the latest available version (at least 1.44)...

CVSS 6.8 | AI score 6.1 | EPSS 0.40099
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack • added 2007/01/04 12:0 a.m. • 19 views

WordPress Enigma2 Plugin - Remote File Inclusion

Because of this vulnerability, the attackers can execute arbitrary PHP code via a URL in the "boarddir" parameter. Solution: Update the plugin...

CVSS 10 | AI score 6.6 | EPSS 0.12733
Exploits: 1 | References: 1 | Affected Software: 1

Total number of security vulnerabilities: 5000