WordPress Lazyest Backup Plugin <= 0.2.1 - XSS
Because of this vulnerability in lazyest-backup.php, the attackers can inject arbitrary web script or HTML via the "xmlorall" parameter. Solution Update the plugin...
WordPress My Calendar Plugin <= 1.10.1 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the PATHINFO. Solution Update the plugin...
WordPress Connections Plugin <= 0.7.1.5 - Unspecified vulnerability
Because of this vulnerability, this plugin has unknown impact and attack vectors. Solution Update the plugin...
WordPress Mingle Forum Plugin <= 1.0.34 - Multiple XSS
Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...
WordPress FLV Player Plugin 1.1 - SQL Injection
This WordPress FLV Player plugin's "id" parameter is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Update the plugin...
WordPress Mingle Forum Plugin <= 1.0.32 - Multiple SQL Injection #1
Because of these vulnerabilities, authenticated users can execute arbitrary SQL commands via the "editforumid" parameter in an editsaveforum action, the "id" parameter to fs-admin/fs-admin.php, or the "memberid" parameter in a removemember action. Solution Update the plugin...
WordPress Pretty Link Lite Plugin <= 1.5.3 - XSS
Because of this vulnerability in pretty-bar.php, the attackers can inject arbitrary web script or HTML via the "slug" parameter. Solution Update the plugin...
WordPress Whois Search Plugin <= 1.4.2.2 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "domain" parameter. Solution Update the plugin...
WordPress DVS Custom Notification Plugin <= 1.0.1 - Multiple CSRF and XSS
Because of these vulnerabilities, the attackers can hijack the authentication of administrators for requests that conduct cross-site scripting attacks or change application settings. Solution Update the plugin...
WordPress 2 Click Social Media Buttons Plugin <= 0.33 - XSS
Because of this vulnerability in libs/xing.php, the attackers can inject arbitrary web script or HTML via the "xing-url" parameter. Solution Update the plugin...
WordPress Bad Behavior Plugin <= 2.2.4 - Multiple XSS
Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...
WordPress Postie Plugin 1.4.3 - Stored XSS
WordPress Postie plugin is prone to a stored XSS vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal cookie-based authentication credential...
WordPress <= 3.4.1 - XSS and BYPASS
Because of these vulnerabilities, authenticated users can perform cross-site scripting attacks by leveraging the Administrator or Editor role and composing crafted text and bypass intended access restrictions. Solution Update WordPress...
WordPress Soundcloud Is Gold 2.1 - Cross Site Scripting
WordPress Soundcloud Is Gold plugin's "width" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can...
WordPress Zingiri Web Shop Plugin <= 2.4.0 - Multiple XSS Vulnerabilities
Zingiri Web Shop plugin is prone to multiple cross-site scripting vulnerabilities. After the malicious code is posted, the JavaScript code is inserted into the database from the "$_POST['notes']" variable. When an administrator views the list of ordered items, the JavaScript code will come from the database and start...
WordPress BuddyPress Plugin 1.5.5 - Remote SQL Injection
Buddypress plugin is prone to Remote SQL injection. This vulnerability allows an attacker to modify data, alter queries to the application SQL database, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Update the plugin...
WordPress Pay with Tweet Plugin <= 1.1 - Multiple Vulnerabilities
WordPress Pay with Tweet plugin is prone to a blind SQL injection and XSS vulnerabilities. Solution Update the plugin...
WordPress RedLine Theme 1.65 - Cross Site Scripting
WordPress RedLine theme's "s" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal cookie-based...
WordPress Black-LetterHead Theme 1.5 - Cross Site Scripting
WordPress Black-LetterHead theme's "index.php" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can...
WordPress ZenLite Theme <= 4.3 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "s" parameter. Solution Update the theme...
WordPress AdRotate Plugin <= 3.6.5 - SQL Injection
AdRotate plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, alter queries to the application SQL database, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Upgrade the plugin...
WordPress AllWebMenus Plugin 1.1.3 - Remote File Inclusion
AllWebMenus plugin is prone to a remote file inclusion vulnerability. It allows an attacker to include a remote file and get access to the server. Solution Update the plugin...
WordPress Twitter Feed Plugin <= 0.3.1 - XSS
Because of this vulnerability in magpiedebug.php, the attackers can inject arbitrary web script or HTML via the "url" parameter. Solution Update the plugin...
WordPress <= 3.1.2 - Unspecified vulnerability #2
Because of this vulnerability, there are unknown impact and attack vectors related to "Media security." in this WordPress version. Solution Update WordPress...
WordPress Related Posts Plugin <= 1.0 - Multiple CSRF and XSS
Because of these cross site request forgery vulnerabilities in the configuration screen in wp-relatedposts.php, the attackers can hijack the authentication of administrators for requests that insert cross-site scripting sequences. Solution Update the plugin...
WordPress Mediatricks Viva Thumbs Plugin - Multiple Information Disclosure Vulnerabilities
This Mediatricks Viva Thumbs plugin is prone to multiple information-disclosure vulnerabilities. It fails to properly clean up user-supplied input. The attackers may use these issues to confirm the existence of local files outside the WordPress Webroot. The information that they get can be useful...
WordPress Register Plus Plugin <= 3.5.1 - Multiple XSS
Because of these vulnerabilities in wp-login.php, the attackers can inject arbitrary web script or HTML via the "website", "aim", "yahoo", "jabber", "firstname", "lastname", "about", "pass1", and "pass2" parameters in a register action. Solution Update the plugin...
WordPress <= 3.0.1 - SQL Injection
Because of this vulnerability, authenticated users can execute arbitrary SQL commands via the Send Trackbacks field. Solution Update WordPress...
WordPress Copperleaf Photolog Plugin 0.16 - SQL injection Vulnerability
This Copperleaf Photolog plugin is prone to an SQL injection vulnerability. It allows the attackers to execute arbitrary SQL commands via the "postid" parameter. Solution Update the plugin...
WordPress WP-Cumulus <= 1.20 - Vulnerabilities
There are several vulnerabilities in this WordPress WP-Cumulus: cross-site scripting and full path disclosure vulnerabilities. Solution Update the WordPress...
JD-WordPress 2.0 RC2 - Remote file inclusion
The vulnerabilities in JD-WordPress allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) wp-comments-post.php, (2) wp-feed.php, or (3) wp-trackback.php. Solution Update WordPress...
WordPress NextGEN Gallery Plugin <= 0.96 - XSS
Because of this vulnerability in wp-admin/admin.php, the attackers can inject arbitrary web script or HTML via the picture description field in a page edit action. Solution Update the plugin...
WordPress <= 2.7.1 - Information Disclosure
Because of this vulnerability, the attackers can obtain sensitive information by reading the HTML source. Solution Update WordPress...
WordPress e-Commerce Plugin <= 3.4 - Unrestricted File Upload
Because of this vulnerability in imageprocessing.php, the attackers can execute arbitrary code by uploading a file with an executable extension. Solution Update the plugin...
WordPress fMoblog Plugin 2.1 - SQL Injection Vulnerability
SQL injection vulnerability found in fmoblog.php. An attacker can execute arbitrary SQL commands via the id parameter to index.php. Solution Upgrade plugin...
WordPress Page Flip Image Gallery Plugin <= 0.2.2 - Directory Traversal
Because of this vulnerability, the attackers can read arbitrary files via "bookid" parameter. Solution Update the plugin...
WordPress WP Comment Remix Plugin <= 1.4.3 - XSS
Because of this vulnerability in wpcommentremix.php, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...
WordPress MU <= 2.5 - XSS
Because of this vulnerability in wp-admin/wp-blogs.php, the attackers can inject arbitrary web script or HTML. Solution Update WordPress...
WordPress <= 2.5 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via unspecified vectors. Solution Update WordPress...
WordPress Sniplets Plugin <= 1.2.2 - Remote File Inclusion
Because of this vulnerability in modules/syntaxhighlight.php, the attackers can execute arbitrary PHP code via a URL in the "libpath" parameter. Solution Update the plugin...
WordPress DMSGuestbook Plugin <= 1.7.0 - Multiple XSS
Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...
WordPress Captcha Plugin <= 2.5 - Multiple XSS
Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...
WordPress <= 2.3.9 - SQL Injection
Because of this vulnerability, the attackers can obtain sensitive information via an invalid "p" parameter. Solution Update WordPress...
WordPress Contact Form Plugin <= 1.5 - Multiple CSRF
Because of these vulnerabilities, the attackers can perform actions as administrators. Solution Update the plugin...
WordPress <= 2.2.3 - XSS
The attackers can conduct cross-site scripting (XSS) attacks via modified data to post.php or page.php with a nofilter field. Solution Update WordPress...
WordPress MU <= 1.0 - XSS
Because of this vulnerability in wp-newblog.php, the attackers can inject arbitrary web script or HTML via the "weblogid" parameter. Solution Update WordPress...
WordPress Unnamed Theme <= 1.217 - XSS
Because of this vulnerability in index.php, the attackers can inject arbitrary web script or HTML via the "s" parameter. Solution Update the theme...
WordPress AndyBlue Theme - XSS
Because of this vulnerability in searchform.php, the attackers can inject arbitrary web script or HTML. Solution Update the theme...
WordPress wordTube Plugin <= 1.43 - Remote File Inclusion
Because of this vulnerability, the attackers can execute arbitrary PHP code via a URL in the "wpPATH" parameter. Solution Update the WordPress wordTube plugin to the latest available version (at least 1.44)...
WordPress Enigma2 Plugin - Remote File Inclusion
Because of this vulnerability, the attackers can execute arbitrary PHP code via a URL in the "boarddir" parameter. Solution Update the plugin...