| ID | Disc Date | Title |
| --- | --- | --- |
| 121411 | 28/04/2015 | Exquisite - Ultimate Newspaper Theme Plugin for WordPress jquery.foundation.plugins.js DOM-Based URI XSS |
| 121366 | 27/04/2015 | WooCommerce Amazon Affiliates Plugin for WordPress /plugins/wwc-amz-aff/modules/remote_support/remote_tunnel.php File Upload Remote Code Execution |
| 121320 | 27/04/2015 | WordPress Blog Comment Truncation Stored XSS |
| 121286 | 25/04/2015 | Disclaimer and Notification Manager for Authors Plugin for WordPress disclaimer-manager-multi-author-blog.php XSS |
| 121287 | 25/04/2015 | Theater Plugin for WordPress functions/wpt_importer.php settings_field_schedule() Function XSS |
| 121288 | 25/04/2015 | CoursePress Plugin for WordPress Unspecified XSS |
| 121289 | 25/04/2015 | Collapse-O-Matic Plugin for WordPress collapse-o-matic.php plugin_oven_activate_license() Function XSS |
| 121290 | 24/04/2015 | WP Google Map Plugin for WordPress wp-google-map-plugin.php XSS |
| 121291 | 24/04/2015 | WP User Avatar Plugin for WordPress Multiple Function XSS |
| 121233 | 24/04/2015 | Premium SEO Pack Plugin for WordPress remote_tunnel.php validate_connection() Function Bypass File Upload Remote Code Execution |
| 121202 | 23/04/2015 | WooFramework Theme for WordPress woo_sbm_callback() Function woo_sbm_post_action Action XSS |
| 121294 | 23/04/2015 | Slideshow Plugin for WordPress classes/SlideshowPluginSlideshowStylesheet.php Unspecified Issue |
| 121296 | 22/04/2015 | WooSidebars Plugin for WordPress classes/class-woo-sidebars.php XSS |
| 121297 | 22/04/2015 | WooSidebars Sidebar Manager Converter Plugin for WordPress classes/class-woosidebars-sbm-converter.php XSS |
| 121298 | 22/04/2015 | Icons for Features Plugin for WordPress classes/class-icons-for-features-admin.php XSS |
| 121299 | 22/04/2015 | Subscribe & Connect Plugin for WordPress classes/class-subscribe-and-connect-admin.php XSS |
| 121300 | 22/04/2015 | WooFramework Tweaks Plugin for WordPress wooframework-tweaks.php XSS |
| 121301 | 22/04/2015 | WooFramework Branding Plugin for WordPress wooframework-branding.php XSS |
| 121164 | 22/04/2015 | Ultimate Product Catalogue Plugin for WordPress Add_Products_From_Spreadsheet() Function File Upload Remote Code Execution |
| 121165 | 22/04/2015 | Ultimate Product Catalogue Plugin for WordPress Options Settings Unspecified SQL Injection |
| 121507 | 22/04/2015 | White Label CMS Plugin for WordPress wlcms-plugin.php Import Handling CSRF |
| 121082 | 21/04/2015 | MailChimp List Subscribe Form Plugin for WordPress User Subscription Email Field Stored XSS |
| 121081 | 21/04/2015 | MailChimp Subscribe Form Plugin for WordPress User Subscription Email Field Remote PHP Code Execution |
| 121080 | 21/04/2015 | MailChimp Subscribe Form Plugin for WordPress subscriber-list-download.php Direct Request Subscriber List Disclosure |
| 121121 | 21/04/2015 | NEX-Forms Plugin for WordPress wp-admin/admin-ajax.php submit_nex_form Action ex_forms_Id Parameter SQL Injection |
| 121124 | 21/04/2015 | MiwoFTP Plugin for WordPress /wp-admin/admin.php miwoftp Page item Parameter Remote File Download |
| 121085 | 21/04/2015 | WordPress Unspecified File Upload |
| 121302 | 21/04/2015 | PressBooks Textbook Plugin for WordPress symbionts/disable-comments/disable-comments.php XSS |
| 121303 | 21/04/2015 | WP-Spreadplugin Plugin for WordPress spreadplugin.php XSS |
| 121304 | 21/04/2015 | church_admin Plugin for WordPress Multiple Input XSS |
| 121305 | 21/04/2015 | WP Print Friendly Plugin for WordPress wp-print-friendly.php action_admin_notices_activation() Function XSS |
| 121307 | 21/04/2015 | CampTix Network Tools Plugin for WordPress includes/class-camptix-network-dashboard-list-table.php get_views() Function XSS |
| 121382 | 21/04/2015 | rtMedia Plugin for WordPress Multiple Input XSS |
| 121383 | 21/04/2015 | rtMedia Plugin for WordPress app/importers/RTMediaActivityUpgrade.php rtmedia_activity_upgrade() Ajax Method last_id Parameter SQL Injection |
| 121279 | 21/04/2015 | CMS Tree Page View Plugin for WordPress functions.php Multiple Parameter XSS |
| 121381 | 21/04/2015 | rtMedia Plugin for WordPress app/importers/RTMediaMediaSizeImporter.php rtmedia_media_size_import() Ajax Method last_id Parameter SQL Injection |
| 121086 | 21/04/2015 | WordPress Unspecified XSS |
| 121087 | 21/04/2015 | WordPress Unspecified Limited XSS |
| 121069 | 20/04/2015 | All In one SEO Pack Plugin for WordPress Multiple Function Unspecified XSS |
| 121070 | 20/04/2015 | Gravity Forms Plugin for WordPress Multiple Function Unspecified XSS |
| 121072 | 20/04/2015 | WP-E-Commerce Plugin for WordPress Multiple Function Unspecified XSS |
| 121073 | 20/04/2015 | WPTouch Plugin for WordPress Multiple Function Unspecified XSS |
| 121074 | 20/04/2015 | Barry Kooij Multiple Plugins for WordPress Multiple Function Unspecified XSS |
| 121075 | 20/04/2015 | My Calendar Plugin for WordPress Multiple Function Unspecified XSS |
| 121076 | 20/04/2015 | P3 Profiler Plugin for WordPress Multiple Function Unspecified XSS |
| 121077 | 20/04/2015 | Give Plugin for WordPress Multiple Function Unspecified XSS |
| 121083 | 20/04/2015 | iThemes Multiple Plugins / Themes for WordPress Multiple Function Unspecified XSS |
| 121277 | 20/04/2015 | Crayon Syntax Highlighter Plugin for WordPress crayon_wp.class.php crayon-theme-editor-save() Method CSS Theme Overwrite Issue |
| 121066 | 20/04/2015 | Jetpack Plugin for WordPress Multiple Function Unspecified XSS |
| 121067 | 20/04/2015 | WordPress SEO Plugin for WordPress Multiple Function Unspecified XSS |
| 121079 | 20/04/2015 | Ninja Forms Plugin for WordPress Multiple Function XSS Weakness |
| 121078 | 20/04/2015 | Broken-Link-Checker Plugin for WordPress Multiple Function XSS |
| 121071 | 20/04/2015 | UpdraftPlus Plugin for WordPress admin.php Multiple Function XSS |
| 121308 | 20/04/2015 | View All Post's Pages Plugin for WordPress view-all-posts-pages.php action_admin_notices_activation() Function XSS |
| 121309 | 20/04/2015 | Date-based Taxonomy Archives Plugin for WordPress date-based-taxonomy-archives.php filter_get_archives_link() Function XSS |
| 121310 | 20/04/2015 | Taxonomy Switcher Plugin for WordPress taxonomy-switcher.php XSS |
| 121311 | 20/04/2015 | Two Factor Authentication Plugin for WordPress includes/user_settings.php XSS |
| 121312 | 20/04/2015 | Two Factor Authentication Plugin for WordPress two-factor-login.php XSS |
| 121313 | 20/04/2015 | Two Factor Authentication Plugin for WordPress includes/admin_settings.php XSS |
| 121122 | 20/04/2015 | Google Analytics by Yoast Plugin for WordPress URI Handling Popular Pages Functionality Stored XSS |
| 121337 | 20/04/2015 | WDS Multisite Aggregate Plugin for WordPress includes/WDS_Multisite_Aggregate_Options.php XSS |
| 121338 | 20/04/2015 | Link Library Plugin for WordPress link-library-admin.php XSS |
| 121339 | 20/04/2015 | Link Library Plugin for WordPress render-link-library-alpha-filter.php XSS |
| 121340 | 20/04/2015 | Link Library Plugin for WordPress render-link-library-sc.php XSS |
| 121341 | 20/04/2015 | Link Library Plugin for WordPress usersubmission.php XSS |
| 121384 | 20/04/2015 | Bilingual Linker Plugin for WordPress bilingual-linker.php XSS |
| 121387 | 20/04/2015 | Aesop Story Engine Plugin for WordPress admin/includes/class.welcome.php XSS Weakness |
| 121084 | 20/04/2015 | Easy Digital Downloads Multiple Plugins for WordPress Multiple Function Unspecified XSS |
| 121068 | 20/04/2015 | Google Analytics by Yoast Plugin for WordPress Multiple Function Unspecified XSS |
| 120989 | 17/04/2015 | Users Ultra Plugin for WordPress xooclasses/xoo.userultra.photos.php Gallery ID Handling SQL Injection |
| 121042 | 17/04/2015 | WP-Mon Plugin for WordPress /assets/download.php path Parameter Remote Path Traversal File Access |
| 120988 | 17/04/2015 | Mashshare Plugin for WordPress includes/admin/tools.php Multiple Functions Missing Capability Checks Remote Bypass |
| 120840 | 16/04/2015 | Ajax Store Locator Plugin for WordPress admin-ajax.php sl_dal_searchlocation_cbf() Function StoreLocation Parameter SQL Injection |
| 121008 | 16/04/2015 | FooBox Image Lightbox Plugin for WordPress foobox-free.php admin_notice() Function XSS |
| 120859 | 16/04/2015 | Citizen Space Plugin for WordPress citizenspace_consultation path Parameter Reflected XSS |
| 120858 | 16/04/2015 | Content Slide Plugin for WordPress content_slide.php wpcs_options[slide_image1] Parameter Stored XSS |
| 120880 | 15/04/2015 | WP Statistics Plugin for WordPress Settings Page Multiple Unspecified Parameter Stored XSS |
| 121009 | 15/04/2015 | Contus Video Gallery Plugin for WordPress admin/ajax/videoupload.php Video Upload CSRF |
| 121392 | 15/04/2015 | eShop Plugin for WordPress Unspecified Remote Code Execution |
| 120794 | 14/04/2015 | Contus Video Gallery Plugin for WordPress hdflvvideoshare.php vid Parameter SQL Injection |
| 120797 | 14/04/2015 | MiwoFTP Plugin for WordPress /wp-admin/admin.php miwoftp Page selitems[] Parameter Remote File Deletion |
| 120798 | 14/04/2015 | MiwoFTP Plugin for WordPress /wp-admin/admin.php miwoftp Page Multiple Parameter XSS Weakness |
| 120791 | 14/04/2015 | MiwoFTP Plugin for WordPress wp-comments.php PHP File Upload CSRF |
| 120821 | 14/04/2015 | WP Symposium Plugin for WordPress Forum Feature Unspecified SQL Injection |
| 121125 | 14/04/2015 | iThemes Security Plugin for WordPress better-wp-security/modules/free/four-oh-four/class-itsec-four-oh-four.php Multiple Vector Stored XSS |
| 121278 | 14/04/2015 | Crayon Syntax Highlighter Plugin for WordPress data-url Attribute Handling Remote Path Traversal File Access |
| 120606 | 13/04/2015 | Mobile Edition Plugin for WordPress /wp-content/themes/mTheme-Unus/css/css.php files Parameter Remote Path Traversal File Access |
| 120608 | 13/04/2015 | N-Media Website Contact Form with File Upload Plugin for WordPress upload_file() Function File Upload Remote Code Execution |
| 121014 | 13/04/2015 | My Wish List Plugin for WordPress my-wish-list.php Multiple Parameter XSS |
| 121015 | 13/04/2015 | Simple Secure Contact Form Plugin for WordPress simple-secure-contact-form.php Widget Description Handling XSS |
| 121016 | 13/04/2015 | My Wish List Plugin for WordPress templates/single-wishlist.php wish_donor_donation Parameter XSS |
| 120823 | 12/04/2015 | Tune Library Plugin for WordPress tune-library.php Multiple Input SQL Injection |
| 121022 | 12/04/2015 | Collapsing Categories List Plugin for WordPress collapscatlist.php Direct Request Remote Bypass |
| 120825 | 12/04/2015 | Community Events Plugin for WordPress get-events.php Multiple Parameter SQL Injection |
| 120824 | 12/04/2015 | Community Events Plugin for WordPress get-events-admin.php Multiple Parameter SQL Injection |
| 120822 | 12/04/2015 | Community Events Plugin for WordPress community-events.php Multiple Parameter SQL Injection |
| 121024 | 11/04/2015 | Broken Link Checker Plugin for WordPress core/core.php do_bulk_recheck() Function CSRF |
| 121025 | 11/04/2015 | Broken Link Checker Plugin for WordPress core/core.php name Parameter XSS |
| 121023 | 11/04/2015 | Add Link to Facebook Plugin for WordPress add-link-to-facebook-class.php Multiple Parameter Stored XSS |
| 120545 | 10/04/2015 | Fusion Engage Plugin for WordPress /wp-config.php fe_get_sv_html() Function video Parameter Remote Path Traversal File Access |
| 121132 | 10/04/2015 | BuddyPress Plugin for WordPress Load More Link Unspecified Input Validation Issue |
| 121133 | 10/04/2015 | BuddyPress Plugin for WordPress Member Widget Manipulation CSRF |
| 120546 | 10/04/2015 | Windows Desktop and iPhone Photo Uploader Plugin for WordPress uploader.php File Upload Remote Code Execution |
| 120510 | 09/04/2015 | Zedity Plugin for WordPress Unspecified Issue |
| 121126 | 09/04/2015 | JSON REST API Plugin for WordPress (WP API) Unspecified Unpublished Content / Post Revision Disclosure |
| 120509 | 09/04/2015 | Duplicator Plugin for WordPress views/actions.php duplicator_delid Parameter SQL Injection |
| 120491 | 08/04/2015 | Traffic Analyzer Plugin for WordPress class-TrafficAnalyzer.php Referer Header Blind SQL Injection |
| 121438 | 08/04/2015 | TheCartPress Plugin for WordPress /shopping-cart/checkout/ Multiple Parameter Stored XSS |
| 121439 | 08/04/2015 | TheCartPress Plugin for WordPress /wp-admin/admin.php checkout_editor_settings Page tcp_box_path Parameter Path Traversal Local File Inclusion |
| 121440 | 08/04/2015 | TheCartPress Plugin for WordPress order_id Parameter Enumeration Arbitrary Customer Order Disclosure |
| 121469 | 08/04/2015 | TheCartPress Plugin for WordPress thecartpress/admin/AddressesList.php search_by Parameter Reflected XSS |
| 121470 | 08/04/2015 | TheCartPress Plugin for WordPress thecartpress/admin/AddressEdit.php Multiple Parameter Reflected XSS |
| 121471 | 08/04/2015 | TheCartPress Plugin for WordPress thecartpress/admin/AssignedCategoriesList.php Multiple Parameter Reflected XSS |
| 121472 | 08/04/2015 | TheCartPress Plugin for WordPress thecartpress/admin/CustomFieldsList.php post_type Parameter Reflected XSS |
| 120511 | 07/04/2015 | Floating Social Bar Plugin for WordPress class-floating-social-bar.php Remote Unauthorized Settings Manipulation |
| 120512 | 07/04/2015 | WP Fastest Cache Plugin for WordPress inc/wp-polls.php poll_id Parameter SQL Injection |
| 120599 | 07/04/2015 | Floating Social Bar Plugin for WordPress class-floating-social-bar.php Multiple Action CSRF |
| 120497 | 06/04/2015 | All In One WP Security & Firewall Plugin for WordPress admin/wp-security-list-404.php Multiple Parameter Blind SQL Injection |
| 120498 | 06/04/2015 | All In One WP Security & Firewall Plugin for WordPress admin/wp-security-list-login-fails.php Multiple Parameter Blind SQL Injection |
| 120499 | 06/04/2015 | All In One WP Security & Firewall Plugin for WordPress admin/wp-security-list-acct-activity.php Multiple Parameter Blind SQL Injection |
| 120500 | 06/04/2015 | All In One WP Security & Firewall Plugin for WordPress admin/wp-security-list-locked-ip.php Multiple Parameter Blind SQL Injection |
| 120520 | 06/04/2015 | PHP Event Calendar Plugin for WordPress server/classes/cls_phpeventcal.php Remote File Upload |
| 121267 | 06/04/2015 | QAEngine Theme for WordPress class-ae-users.php Admin User Creation Remote Privilege Escalation |
| 120302 | 04/04/2015 | QRCodes Plugin for WordPress Unspecified XSS |
| 120303 | 04/04/2015 | Work The Flow File Upload Plugin for WordPress Unrestricted Remote File Upload |
| 120315 | 03/04/2015 | WP Super Cache Plugin for WordPress wp-cache.php Cache List Content Handling Stored XSS |
| 120230 | 02/04/2015 | Simple Ads Manager Plugin for WordPress sam-ajax.php Multiple Parameter SQL Injection |
| 120233 | 02/04/2015 | Simple Ads Manager Plugin for WordPress sam-ajax-admin.php path Parameter File Upload Remote Code Execution |
| 120231 | 02/04/2015 | Simple Ads Manager Plugin for WordPress sam-ajax-admin.php Multiple Parameter SQL Injection |
| 120907 | 02/04/2015 | Better WP Security Plugin for WordPress admin_tooltip_ajax() Function module Parameter Remote Code Execution |
| 120306 | 02/04/2015 | Events Manager Plugin for WordPress classes/em-object.php Multiple Parameter SQL Injection |
| 121270 | 02/04/2015 | WP Easy Slideshow Plugin for WordPress /includes/wss-images.php Image Deletion CSRF |
| 121271 | 02/04/2015 | WP Easy Slideshow Plugin for WordPress /includes/add_image.php File Upload CSRF Weakness |
| 121441 | 02/04/2015 | UpThemes Multiple Themes for WordPress admin/upload-file.php File Upload Remote Code Execution |
| 120224 | 01/04/2015 | Business Intelligence Lite Plugin for WordPress view.php t Parameter SQL Injection |
| 120310 | 01/04/2015 | Favicon by RealFaviconGenerator Plugin for WordPress admin/class-favicon-by-realfavicongenerator-admin.php Favicon Installation CSRF |