WordPress WP PostViews Plugin <= 1.62 - CSRF
Because of this vulnerability in the options admin page, the attackers can hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. Solution Update the plugin...
WordPress BackupBuddy Plugin <= 2.2.4 - Sensitive Data Exposure #2
Because of this vulnerability in the importbuddy.php, the plugin does not reliably delete itself after completing a restore operation. In that way the attackers can obtain access via subsequent requests to this script. Solution Update the plugin...
WordPress Social Sharing Toolkit Plugin <= 2.1.1 - CSRF
Because of this vulnerability, the attackers can hijack the authentication of administrators for requests that manipulate plugin settings via unknown vectors. Solution Update the plugin...
WordPress Calendar Plugin <= 1.3.2 - CSRF
Because of this vulnerability, the attackers can hijack the authentication of users for requests that add a calendar entry via unspecified vectors. Solution Update the plugin...
WordPress WP MailUp Plugin <= 1.3.1 - BYPASS
Because of this vulnerability, the attackers can modify plugin settings and conduct cross-site scripting attacks via unspecified vectors. Solution Update the plugin...
WordPress Social Media Widget Plugin <= 4.0 - Remote File Inclusion
This plugin contains a Trojan Horse, which allows the attackers to force the upload of arbitrary files. Solution Update the plugin...
WordPress My Calendar Plugin <= 1.10.1 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the PATHINFO. Solution Update the plugin...
WordPress <= 3.4.2
The attackers can discover valid session identifiers via a brute-force attack, because this WordPress version does not invalidate a wordpress_sec session cookie upon an administrator's logout action. Solution The application should keep track of session identifiers where a user has explicitly logg...
WordPress Another WordPress Classifieds Plugin <= 1.9 - Unspecified vulnerability
Because of this vulnerability, this plugin has unknown impact and attack vectors related to "image uploads." Solution Update the plugin...
WordPress Simple:Press Forum Plugin - Arbitrary File Upload
WordPress Simple:Press Forum plugin is prone to an arbitrary file upload vulnerability. It allows an attacker to upload arbitrary files to the affected computer. Solution Update the plugin...
WordPress WP E-Commerce Plugin <= 3.8.7.1 - XSS
Because of this vulnerability in wpsc-admin/display-sales-logs.php, the attackers can inject arbitrary web script or HTML via the "customtext" parameter. Solution Update the plugin...
WordPress <= 3.4.2 - CSRF
Because of this vulnerability in wp-admin/index.php, the attackers can hijack the authentication of administrators for requests. Solution Update WordPress...
WordPress Image News Slider Plugin <= 3.2 - Unspecified vulnerability
Because of this vulnerability, this plugin has unspecified impact and remote attack vectors. Solution Update the plugin...
WordPress FCChat Widget Plugin 2.2.x - Arbitrary File Upload
FCChat Widget plugin's "Upload.php" is prone to an arbitrary file upload vulnerability. Access to this script is not properly restricted. In that way an attacker can upload files containing malicious PHP code and run it in the context of the web server process. Other attacks are also...
WordPress MM Forms Community Plugin 2.2.6 - Arbitrary File Upload
MM Forms Community plugin is prone to an arbitrary file upload vulnerability. Access to this script is not properly restricted. In that way an attacker can upload files containing malicious PHP code and run it in the context of the web server process. Other attacks are also possible...
WordPress Font Uploader Plugin 1.2.4 - Arbitrary File Upload
Font Uploader plugin is prone to an arbitrary file upload vulnerability. Access to this script is not properly restricted. In that way an attacker can upload files containing malicious PHP code and run it in the context of the web server process. Other attacks are also possible...
WordPress League Manager Plugin <= 3.7 - Multiple XSS
Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML via the "group" parameter in the show-league page. Solution Update the plugin...
WordPress WP FaceThumb Plugin 0.1 - Cross Site Scripting
WordPress WP-FaceThumb plugin's "paginationwpfacethum" parameter is prone to a cross-site scripting vulnerability. It fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attack...
WordPress Zingiri Web Shop Plugin <= 2.4.0 - Multiple XSS Vulnerabilities
Zingiri Web Shop plugin is prone to multiple cross-site scripting vulnerabilities. Once the malicious order is posted, JavaScript code is inserted into the database via the "$_POST['notes']" variable. When an administrator views the list of ordered items, the JavaScript code is returned from the database and start...
WordPress Kish Guest Posting Plugin 1.0 - Arbitrary File Upload
Kish Guest Posting plugin is prone to an arbitrary file upload vulnerability. Access to this script is not properly restricted. In that way an attacker can upload files containing malicious PHP code and run it in the context of the web server process. Other attacks are also possible...
WordPress Symposium Plugin <= 11.12.24 - Multiple Arbitrary File Upload
Because of this vulnerability, the attackers can execute arbitrary code by uploading a file with an executable extension using uploadify/uploadprofileavatar.php or uploadify/uploadadminavatar.php. Solution Update the plugin...
WordPress TheCartPress Plugin 1.6 - Cross Site Scripting
WordPress TheCartPress plugin's "OptionsPostsList.php" is prone to a cross-site scripting vulnerability. It fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can ste...
WordPress Grand FlAGallery Plugin 1.57 - Cross Site Scripting
WordPress Grand FlAGallery plugin's "flagshow.php" parameter is prone to a cross-site scripting vulnerability. It fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker c...
WordPress Redirection Plugin <= 2.2.9 - Multiple XSS
Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML via the Referer HTTP header in a request to a post that does not exist. Solution Update the plugin...
WordPress Advanced Text Widget Plugin 2.0 - Cross Site Scripting
WordPress Advanced Text Widget plugin's "page" parameter is prone to a cross-site scripting vulnerability. It fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can...
WordPress Black-LetterHead Theme 1.5 - Cross Site Scripting
WordPress Black-LetterHead theme's "index.php" parameter is prone to a cross-site scripting vulnerability. It fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can...
WordPress Atahualpa Theme 3.6.7 - Cross Site Scripting
WordPress Atahualpa theme's "s" parameter is prone to a cross-site scripting vulnerability. It fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal cookie-bas...
WordPress UnGallery plugin <= 1.5.8 - Local File Disclosure
This vulnerability allows an attacker to obtain important information from local files on computers running the vulnerable application. Other attacks are also possible. Solution Update the plugin...
WordPress Mediatricks Viva Thumbs Plugin - Multiple Information Disclosure Vulnerabilities
This Mediatricks Viva Thumbs plugin is prone to multiple information-disclosure vulnerabilities. It fails to properly sanitize user-supplied input. The attackers may use these issues to confirm the existence of local files outside the WordPress webroot. The information that they get can be useful...
WordPress WP Survey And Quiz Tool Plugin 1.2.1 - Cross-Site Scripting Vulnerability
This WP Survey And Quiz Tool plugin is prone to a cross-site scripting vulnerability. It fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal cookie-based...
WordPress Copperleaf Photolog Plugin 0.16 - SQL injection Vulnerability
This Copperleaf Photolog plugin is prone to an SQL injection vulnerability. It allows the attackers to execute arbitrary SQL commands via the "postid" parameter. Solution Update the plugin...
WordPress 2.9 - Failure to Restrict URL Access
A new feature, called "Trash", was implemented so that users could retrieve posts they had deleted by accident. Any posts placed in the trash are viewable by authenticated users, regardless of their privileges. Solution Update WordPress, because since versio...
WordPress 2.8.1 - Remote Cross-Site Scripting Vulnerability
This version of WordPress is prone to a cross-site scripting vulnerability. Solution Update WordPress...
WordPress <= 1.3.1 - Remote Code Execution
Because of this vulnerability, authenticated users with the manage_options and upload_files capabilities can execute arbitrary code by uploading a PHP script. Solution Update WordPress...
WordPress MU <= 2.5 - XSS
Because of this vulnerability in wp-admin/wp-blogs.php, the attackers can inject arbitrary web script or HTML. Solution Update WordPress...
WordPress Newsletter Plugin - SQL Injection #1
Because of this vulnerability in stnliframe.php, the attackers can execute arbitrary SQL commands via the "newsletter" parameter. Solution Update the plugin...
WordPress Download Manager Plugin <= 0.2 - Arbitrary File Upload
Because of this vulnerability in upload.php, the attackers can execute arbitrary code by uploading a file with an executable extension via the "upfile" parameter. Solution Update the plugin...
WordPress WP People Plugin <= 1.6.1 - SQL Injection
Because of this vulnerability, the attackers can execute arbitrary SQL commands via the "person" parameter. Solution Update the plugin...
WordPress WP Call Plugin <= 0.3 - SQL Injection
Because of this vulnerability, the attackers can execute arbitrary SQL commands via the "id" parameter. Solution Update the plugin...
WordPress <= 2.3.9 - SQL Injection
Because of this vulnerability, the attackers can obtain sensitive information via an invalid "p" parameter. Solution Update WordPress...
WordPress Contact Form Plugin <= 1.5 - Multiple CSRF
Because of these vulnerabilities, the attackers can perform actions as administrators. Solution Update the plugin...
WordPress <= 2.2.3 - XSS
The attackers can conduct cross-site scripting (XSS) attacks via modified data to post.php or page.php with a no_filter field. Solution Update WordPress...
WordPress wordTube Plugin <= 1.43 - Remote File Inclusion
Because of this vulnerability, the attackers can execute arbitrary PHP code via a URL in the "wpPATH" parameter. Solution Update the WordPress wordTube plugin to the latest available version at least 1.44...
WordPress WP Table Plugin <= 1.43 - Directory Traversal
Because of this vulnerability, the attackers can include and execute arbitrary local files via the "wpPATH" parameter. Solution Update the WordPress WP Table plugin to the latest available version at least 1.44...
WordPress <= 2.0.3 - Multiple Vulnerabilities
Because of these vulnerabilities, WordPress 2.0.3 and previous versions have unknown impact and remote attack vectors. Solution Update WordPress to the latest available version, at least 2.0.4...
WordPress <=1.5 - Multiple Cross-Site Scripting (XSS) vulnerabilities
Because of these vulnerabilities in template-functions-post.php, attackers can execute arbitrary commands via the post title or content. Solution Update WordPress to the latest possible version...
NPM: Network-AI: ApprovalInbox HTTP server has no authentication — anyone can approve pending agent actions
NPM: Network-AI: ApprovalInbox HTTP server has no authentication — anyone can approve pending agent actions vulnerability discovered by ? in WordPress Npm network-ai versions = 5.0.0, = 5.12.1...
NPM: Network-AI: Poisoned environment backup manifest allows arbitrary recursive deletion during backup pruning
NPM: Network-AI: Poisoned environment backup manifest allows arbitrary recursive deletion during backup pruning vulnerability discovered by ? in WordPress Npm network-ai versions = 5.12.1...
NPM: Nuxt: Dev server discloses project absolute path and persistent workspace UUID via `/.well-known/appspecific/com.chrome.devtools.json`
NPM: Nuxt: Dev server discloses project absolute path and persistent workspace UUID via /.well-known/appspecific/com.chrome.devtools.json vulnerability discovered by ? in WordPress Npm nuxt versions = 4.0.0-alpha.1, 4.4.7...
WordPress Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin <= 1.0.271 - Missing Authorization to Unauthenticated Homepage Settings Modification vulnerability
Missing Authorization to Unauthenticated Homepage Settings Modification vulnerability discovered by ? in WordPress Plugin Rank Math SEO versions = 1.0.271...