
CVSS: 10.0 • EPSS: 2% • CPEs: 1 • EXPL: 1

07 Jul 2020 — The Adning Advertising plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the _ning_upload_image function in versions up to, and including, 1.5.5. • https://blog.nintechnet.com/critical-vulnerability-in-adning-advertising-plugin-actively-exploited-in-the-wild • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

07 Jul 2020 — The Adning Advertising plugin for WordPress is vulnerable to file deletion via path traversal in versions up to, and including, 1.5.5. • https://blog.nintechnet.com/critical-vulnerability-in-adning-advertising-plugin-actively-exploited-in-the-wild • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

11 Mar 2020 — The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.1.5. • https://blog.nintechnet.com/critical-vulnerability-fixed-in-wordpress-mstore-api-plugin • CWE-288: Authentication Bypass Using an Alternate Path or Channel • CWE-306: Missing Authentication for Critical Function

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Feb 2020 — The Ultimate Membership Pro plugin for WordPress is vulnerable to authentication bypass in versions 7.3 through 8.6, inclusive. • https://codecanyon.net/item/ultimate-membership-pro-wordpress-plugin/12159253 • CWE-287: Improper Authentication

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

28 Jan 2020 — The Wordable plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.1. • https://blog.nintechnet.com/wordpress-plugins-and-themes-vulnerabilities-roundup • CWE-288: Authentication Bypass Using an Alternate Path or Channel • CWE-306: Missing Authentication for Critical Function

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

25 Oct 2019 — The Email Templates plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.3. • https://blog.nintechnet.com/multiple-wordpress-plugins-vulnerable-to-html-injection • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSS: 10.0 • EPSS: 69% • CPEs: 1 • EXPL: 1

28 Sep 2019 — A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data. • https://nathandavison.com/blog/wordpress-visualizer-plugin-xss-and-ssrf • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Sep 2019 — The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media parameter. • https://www.wordfence.com/threat-intel/vulnerabilities/id/55e0f0df-7be2-4e18-988c-2cc558768eff?source=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Jul 2019 — A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. ... • https://wordpress.org/plugins/photo-gallery/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 2

20 Jul 2019 — An issue was discovered in the Viral Quiz Maker - OnionBuzz plugin before 1.2.2 for WordPress. ... The Viral Quiz Maker - OnionBuzz plugin for WordPress is vulnerable to blind SQL Injection via the 'ob_get_results' ajax nopriv handler in versions up to, and including, 1.2.1 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the exi... • http://www.openwall.com/lists/oss-security/2019/07/23/1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')