Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in the amoCRM module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP POST data.
Published Sep 21, 2015 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Serendipity before 2.0.2 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .pht or (2) .phtml extension.
Published Sep 16, 2015 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The bookmarkify plugin 2.9.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=bookmarkify.php.
Published Sep 26, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The multicons plugin before 3.0 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=multicons%2Fmulticons.php global_url or admin_url parameter.
Published Sep 26, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The wp-symposium plugin through 15.8.1 for WordPress has XSS via the wp-content/plugins/wp-symposium/get_album_item.php?size parameter.
Published Sep 25, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The olevmedia-shortcodes plugin before 1.1.9 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=omsc_popup id parameter.
Published Sep 26, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The addthis plugin before 5.0.13 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=addthis_social_widget pubid parameter.
Published Sep 26, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via the quiz parameter during a Quiz Manage operation.
Published Sep 20, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The qtranslate-x plugin before 3.4.4 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=qtranslate-x json_config_files or json_custom_i18n_config parameter.
Published Sep 26, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_keywords XSS.
Published Sep 20, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The avenirsoft-directdownload plugin 1.0 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=avenir_plugin.
Published Sep 26, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The dynamic-widgets plugin before 1.5.11 for WordPress has XSS via the wp-admin/admin-ajax.php?action=term_tree prefix or widget_id parameter.
Published Sep 26, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary files via a .. (dot dot) in the files parameter to css/css.php.
Published Sep 20, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_location XSS.
Published Sep 20, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The googmonify plugin through 0.5.1 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=googmonify.php PID or AID parameter.
Published Sep 26, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The wplegalpages plugin before 1.1 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=legal-pages lp-domain-name, lp-business-name, lp-phone, lp-street, lp-city-state, lp-country, lp-email, lp-address, or lp-niche parameters.
Published Sep 26, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The relevant plugin before 1.0.8 for WordPress has XSS.
Published Sep 20, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The yith-maintenance-mode plugin before 1.2.0 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=yith-maintenance-mode panel_page parameter.
Published Sep 26, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The alpine-photo-tile-for-instagram plugin before 1.2.7.6 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=alpine-photo-tile-for-instagram-settings tab parameter.
Published Sep 26, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The unite-gallery-lite plugin before 1.5 for WordPress has SQL injection via data[galleryID] to wp-admin/admin-ajax.php.
Published Sep 26, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/edit.php CSRF with resultant XSS.
Published Sep 20, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The sendpress plugin before 1.2 for WordPress has SQL Injection via the wp-admin/admin.php?page=sp-queue listid parameter.
Published Sep 26, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin.php galleryid or id parameters.
Published Sep 26, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The display-widgets plugin before 2.04 for WordPress has XSS via the wp-admin/admin-ajax.php?action=dw_show_widget id_base, widget_number, or instance parameter.
Published Sep 26, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The crazy-bone plugin before 0.6.0 for WordPress has XSS via the User-Agent HTTP header.
Published Sep 26, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The users-ultra plugin before 1.5.59 for WordPress has uultra-form-cvs-form-conf arbitrary file upload.
Published Sep 20, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The manual-image-crop plugin before 1.11 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=mic_editor_window postId parameter.
Published Sep 26, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The monetize plugin through 1.03 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=monetize-zones-new.
Published Sep 26, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The altos-connect plugin 1.3.0 for WordPress has XSS via the wp-content/plugins/altos-connect/jquery-validate/demo/demo/captcha/index.php/ PATH_SELF.
Published Sep 26, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The microblog-poster plugin before 1.6.2 for WordPress has SQL Injection via the wp-admin/options-general.php?page=microblogposter.php account_id parameter.
Published Sep 26, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The kiwi-logo-carousel plugin before 1.7.2 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=kwlogos&page=kwlogos_settings tab or tab_flags_order parameter.
Published Sep 26, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The wp-social-bookmarking-light plugin before 1.7.10 for WordPress has CSRF with resultant XSS via configuration parameters for Tumblr, Twitter, Facebook, etc. in wp-admin/options-general.php?page=wp-social-bookmarking-light%2Fmodules%2Fadmin.php.
Published Sep 26, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load PlugneditBGColor, PlugneditEditorMargin, plugnedit_width, pnemedcount, or plugneditcontent parameters.
Published Sep 26, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The yawpp plugin through 1.2.2 for WordPress has XSS via the field1 parameter.
Published Sep 20, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The soundcloud-is-gold plugin before 2.3.2 for WordPress has XSS via the wp-admin/admin-ajax.php?action=get_soundcloud_player id parameter.
Published Sep 26, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Postmatic plugin before 1.4.6 for WordPress has XSS.
Published Sep 25, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin-ajax.php in a unitegallery_ajax_action operation.
Published Sep 26, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The social-locker plugin before 4.2.5 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=opanda-item&page=license-manager-sociallocker-next licensekey parameter.
Published Sep 26, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via a quiz name.
Published Sep 20, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The wordpress-meta-robots plugin through 2.1 for WordPress has wp-admin/post-new.php text SQL injection.
Published Sep 20, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The alo-easymail plugin before 2.6.01 for WordPress has CSRF with resultant XSS in pages/alo-easymail-admin-options.php.
Published Sep 25, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php gcid SQL injection.
Published Sep 20, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The accurate-form-data-real-time-form-validation plugin 1.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=Accu_Data_WP.
Published Sep 26, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has CSRF with resultant XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load plugnedit_width, pnemedcount, PlugneditBGColor, PlugneditEditorMargin, or plugneditcontent parameters.
Published Sep 26, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The testimonial-slider plugin through 1.2.1 for WordPress has CSRF with resultant XSS.
Published Sep 25, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows an attacker to delete quizzes.
Published Sep 25, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The sitepress-multilingual-cms (WPML) plugin 2.9.3 to 3.2.6 for WordPress has XSS via the Accept-Language HTTP header.
Published Sep 25, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_desc parameter.
Published Sep 20, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Blubrry PowerPress Podcasting plugin 6.0.4 for WordPress has XSS via the tab parameter.
Published Sep 25, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Royal-Slider plugin before 3.2.7 for WordPress has XSS via the rstype parameter.
Published Sep 25, 2019 · Updated Aug 6, 2024