Theme My Login 6.3.9 - Local File Inclusion 108517 http://packetstormsecurity.com/files/127302/ http://seclists.org/fulldisclosure/2014/Jun/172 http://www.securityfocus.com/bid/68254 LFI 6.3.10
Login Rebuilder < 1.2.0 - Cross Site Request Forgery Vulnerability 108364 2014-3882 CSRF 1.2.0
Simple Share Buttons Adder 4.4 - options-general.php Multiple Admin Actions CSRF 108444 2014-4717 33896 https://security.dxw.com/advisories/csrf-and-stored-xss-in-simple-share-buttons-adder/ http://packetstormsecurity.com/files/127238/ CSRF 4.5
Simple Share Buttons Adder 4.4 - options-general.php ssba_share_text Parameter Stored XSS Weakness 108445 33896 https://security.dxw.com/advisories/csrf-and-stored-xss-in-simple-share-buttons-adder/ http://packetstormsecurity.com/files/127238/ XSS 4.5
Content Slide <= 1.4.2 - Cross Site Request Forgery Vulnerability 93871 2013-2708 52949 CSRF
WP Cron DashBoard <= 1.1.5 - wp-cron-dashboard.php procname Parameter Reflected XSS 100660 2013-6991 http://packetstormsecurity.com/files/124602/ https://www.htbridge.com/advisory/HTB23189 XSS
Simple Paypal Shopping Cart 3.5 - Cross-Site Request Forgery Vulnerability 93953 2013-2705 52963 CSRF 3.6
WP-SendSMS 1.0 - Setting Manipulation CSRF 94209 53796 26124 CSRF
WP-SendSMS 1.0 - wp-admin/admin.php Multiple Parameter XSS 94210 26124 XSS
Mail Subscribe List - Script Insertion Vulnerability 53732 94197 XSS 2.1
S3 Video <= 0.97 - VideoJS Cross Site Scripting Vulnerability 53437 http://seclists.org/fulldisclosure/2013/May/66 XSS 0.98
S3 Video 0.982 - preview_video.php base Parameter XSS 101388 56167 2013-7279 XSS 0.983
VideoJS Cross - Site Scripting Vulnerability 53426 http://seclists.org/fulldisclosure/2013/May/66 XSS 4.1
VideoJS Cross - Site Scripting Vulnerability 53445 http://seclists.org/fulldisclosure/2013/May/66 XSS 1.4
VideoJS Cross - Site Scripting Vulnerability 53396 http://seclists.org/fulldisclosure/2013/May/66 XSS 2.1
VideoJS Cross - Site Scripting Vulnerability http://seclists.org/fulldisclosure/2013/May/66 XSS
Crayon Syntax Highlighter - Remote File Inclusion Vulnerability 50804 http://ceriksen.com/2012/10/15/wordpress-crayon-syntax-highlighter-remote-file-inclusion-vulnerability/ RFI 1.13
UnGallery <= 1.5.8 - Local File Disclosure Vulnerability 17704 LFI
UnGallery - Arbitrary Command Execution 50875 http://ceriksen.com/2012/10/23/wordpress-ungallery-remote-command-injection-vulnerability/ RCE 2.1.6
Thank You Counter Button 1.8.7 - wp-admin/options.php Multiple Parameter Stored XSS 103778 http://packetstormsecurity.com/files/125397/ http://www.securityfocus.com/bid/65805 2014-2315 XSS
Thank You Counter Button <= 1.8.2 - XSS 50977 XSS 1.8.3
Bookings <= 1.8.2 - controlpanel.php error Parameter XSS 86613 50975 XSS 1.8.3
Cimy User Manager <= 1.4.2 - Arbitrary File Disclosure 50834 http://ceriksen.com/2012/10/24/wordpress-cimy-user-manager-arbitrary-file-disclosure/ UNKNOWN 1.4.4
FireStorm Professional Real Estate 2.06.01 - xml/marker_listings.php id Parameter SQL Injection 86686 51107 22071 http://packetstormsecurity.com/files/118232/ http://xforce.iss.net/xforce/xfdb/80261 SQLI 2.06.04
FireStorm Professional Real Estate - Multiple SQL Injection 50873 http://ceriksen.com/2012/10/25/wordpress-firestorm-professional-real-estate-plugin-sql-injection-vulnerability/ SQLI 2.06.03
WP125 <= 1.4.4 - Multiple XSS 50976 XSS 1.4.5
WP125 <= 1.4.9 - CSRF 92113 2013-2700 52876 http://www.securityfocus.com/bid/58934 CSRF 1.5.0
All Video Gallery - Multiple SQL Injection Vulnerabilities 50874 22427 http://ceriksen.com/2012/11/04/wordpress-all-video-gallery-plugin-sql-injection/ SQLI
BuddyStream - XSS 50972 XSS
Post views 2.6.1 - wp-content/plugins/post-views/post-views.php search_input Parameter XSS 87349 50982 http://www.securityfocus.com/bid/56555 http://xforce.iss.net/xforce/xfdb/80076 XSS
Floating Social Media Links <= 1.4.2 - fsml-admin.js.php wpp Parameter Remote File Inclusion 88383 51346 http://www.securityfocus.com/bid/56913 http://xforce.iss.net/xforce/xfdb/80641 http://ceriksen.com/2013/01/12/wordpress-floating-social-media-link-plugins-remote-file-inclusion/ RFI 1.4.3
Floating Social Media Links <= 1.4.2 - fsml-hideshow.js.php wpp Parameter Remote File Inclusion 88385 51346 http://www.securityfocus.com/bid/56913 http://ceriksen.com/2013/01/12/wordpress-floating-social-media-link-plugins-remote-file-inclusion/ RFI 1.4.3
Zingiri Forum 1.4.2 - forum.php zing_forum_output Function url Parameter XSS 89069 2012-4920 50833 http://www.securityfocus.com/bid/57224 http://xforce.iss.net/xforce/xfdb/81156 http://ceriksen.com/2013/01/12/wordpress-zingiri-forums-arbitrary-file-disclosure/ XSS 1.4.4
Google Document Embedder - Arbitrary File Disclosure 2012-4915 23970 50832 http://www.securityfocus.com/bid/57133 http://packetstormsecurity.com/files/119329/ http://ceriksen.com/2013/01/03/wordpress-google-document-embedder-arbitrary-file-disclosure/ exploit/unix/webapp/wp_google_document_embedder_exec UNKNOWN 2.5.4
extended-user-profile - Full Path Disclosure vulnerability http://1337day.com/exploit/20118 FPD
superslider-show - Full Path Disclosure vulnerability http://1337day.com/exploit/20117 FPD
multibox - Full Path Disclosure vulnerability http://1337day.com/exploit/20119 FPD
OpenInviter - Information Disclosure http://packetstormsecurity.com/files/119265/ UNKNOWN
RokBox - Multiple Vulnerabilities http://1337day.com/exploit/19981 MULTI
RokBox <= 2.13 - thumb.php src Parameter Malformed Input Path Disclosure 88604 http://packetstormsecurity.com/files/118884/ http://xforce.iss.net/xforce/xfdb/80732 http://www.securityfocus.com/bid/56953 http://seclists.org/fulldisclosure/2012/Dec/159 UNKNOWN
RokBox <= 2.13 - thumb.php src Parameter XSS 88605 http://packetstormsecurity.com/files/118884/ http://xforce.iss.net/xforce/xfdb/80731 http://www.securityfocus.com/bid/56953 http://seclists.org/fulldisclosure/2012/Dec/159 XSS
RokBox <= 2.13 - rokbox.php Direct Request Path Disclosure 88606 http://packetstormsecurity.com/files/118884/ http://www.securityfocus.com/bid/56953 http://seclists.org/fulldisclosure/2012/Dec/159 UNKNOWN
RokBox <= 2.13 - error_log Direct Request Error Log Information Disclosure 88607 http://packetstormsecurity.com/files/118884/ http://xforce.iss.net/xforce/xfdb/80761 http://www.securityfocus.com/bid/56953 http://seclists.org/fulldisclosure/2012/Dec/159 UNKNOWN
RokBox <= 2.13 - jwplayer/jwplayer.swf abouttext Parameter XSS 88608 http://packetstormsecurity.com/files/118884/ http://xforce.iss.net/xforce/xfdb/80731 http://www.securityfocus.com/bid/56953 http://seclists.org/fulldisclosure/2012/Dec/159 XSS
RokBox <= 2.13 - thumb.php src Parameter Arbitrary File Upload 88609 http://packetstormsecurity.com/files/118884/ http://xforce.iss.net/xforce/xfdb/80733 http://xforce.iss.net/xforce/xfdb/80739 http://www.securityfocus.com/bid/56953 http://seclists.org/fulldisclosure/2012/Dec/159 UPLOAD
RokIntroScroller <= 1.8 - XSS,DoS,Disclosure,Upload Vulnerabilities 97418 54801 http://packetstormsecurity.com/files/123302/ http://seclists.org/fulldisclosure/2013/Sep/121 MULTI
RokMicroNews <= 1.5 - XSS,DoS,Disclosure,Upload Vulnerabilities 97418 54801 http://packetstormsecurity.com/files/123312/ http://seclists.org/fulldisclosure/2013/Sep/124 MULTI
RokNewsPager <= 1.17 - XSS,DoS,Disclosure,Upload Vulnerabilities 97418 54801 http://packetstormsecurity.com/files/123271/ http://seclists.org/fulldisclosure/2013/Sep/109 MULTI
RokStories <= 1.25 - XSS,DoS,Disclosure,Upload Vulnerabilities 97418 54801 http://packetstormsecurity.com/files/123270/ http://seclists.org/fulldisclosure/2013/Sep/108 MULTI
grou-random-image-widget - Full Path Disclosure http://1337day.com/exploit/20047 FPD
sintic_gallery - Arbitrary File Upload Vulnerability http://1337day.com/exploit/19993 UPLOAD
sintic_gallery - Path Disclosure Vulnerability http://1337day.com/exploit/20020 FPD
WP-UserOnline - Full Path Disclosure http://seclists.org/fulldisclosure/2010/Jul/8 FPD
Wp-UserOnline <= 0.62 - Persistent XSS http://seclists.org/fulldisclosure/2010/Jul/8 XSS
Shopping Cart 8.1.14 - Shell Upload, SQL Injection http://packetstormsecurity.com/files/119217/ 51690 MULTI 8.1.15
Level Four Storefront - levelfourstorefront/getsortmanufacturers.php id Parameter SQL Injection 91680 http://packetstormsecurity.com/files/120950/ SQLI
ReFlex Gallery 1.4.2 - Unspecified XSS 102585 XSS 1.4.3
ReFlex Gallery 1.4 - reflex-gallery.php Direct Request Path Disclosure 88869 FPD
ReFlex Gallery 1.3 - Shell Upload http://packetstormsecurity.com/files/119218/ UPLOAD
Uploader 1.0.4 - Shell Upload http://packetstormsecurity.com/files/119219/ UPLOAD
Uploader 1.0.4 - notify.php blog Parameter XSS 90840 2013-2287 52465 XSS
Xerte Online 0.32 - Shell Upload http://packetstormsecurity.com/files/119220/ UPLOAD
Advanced Custom Fields <= 3.5.1 - Remote File Inclusion http://packetstormsecurity.com/files/119221/ 51037 23856 87353 exploit/unix/webapp/wp_advanced_custom_fields_exec RFI 3.5.2
sitepress-multilingual-cms - Full Path Disclosure http://1337day.com/exploit/20067 FPD
Asset Manager 0.2 - Arbitrary File Upload 82653 18993 23652 49378 http://www.securityfocus.com/bid/53809 http://packetstormsecurity.com/files/119133/ UPLOAD
Asset Manager - upload.php Arbitrary Code Execution 82653 http://www.ethicalhack3r.co.uk/security/wordpress-plugin-asset-manager-upload-php-arbitrary-code-execution/ http://packetstormsecurity.com/files/113285/ http://xforce.iss.net/xforce/xfdb/80823 UPLOAD
SWF Vulnerable to XSS Bundled in Many WordPress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS
SWF Vulnerable to XSS Bundled in Many WordPress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS
SWF Vulnerable to XSS Bundled in Many WordPress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS
Blaze Slideshow 2.1 - Unspecified Security Vulnerability http://www.securityfocus.com/bid/52677 UNKNOWN 2.2
Comment Extra Field 1.7 - CSRF / XSS http://packetstormsecurity.com/files/122625/ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html MULTI
SWF Vulnerable to XSS Bundled in Many WordPress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS
SWF Vulnerable to XSS Bundled in Many WordPress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS
SWF Vulnerable to XSS Bundled in Many WordPress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS
SWF Vulnerable to XSS Bundled in Many WordPress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS
SWF Vulnerable to XSS Bundled in Many WordPress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS
SWF Vulnerable to XSS Bundled in Many WordPress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS
PDW File Browser - upload.php Arbitrary File Upload Vulnerability http://www.securityfocus.com/bid/53895 UPLOAD
powerzoomer - Arbitrary File Upload Vulnerability http://1337day.com/exploit/20253 UPLOAD
SWF Vulnerable to XSS Bundled in Many WordPress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS
SWF Vulnerable to XSS Bundled in Many WordPress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS
Smart Slideshow - upload.php Multiple File Extension Upload Arbitrary Code Execution 87373 UPLOAD
SWF Vulnerable to XSS Bundled in Many WordPress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS
SWF Vulnerable to XSS Bundled in Many WordPress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS
SWF Vulnerable to XSS Bundled in Many WordPress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS
TinyMCE 3.5 - swfupload Cross-Site Scripting Vulnerability http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html 51224 XSS 3.6
SWF Vulnerable to XSS Bundled in Many WordPress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS
wp-3dflick-slideshow - Arbitrary File Upload Vulnerability http://1337day.com/exploit/20255 UPLOAD
SWF Vulnerable to XSS Bundled in Many WordPress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS
SWF Vulnerable to XSS Bundled in Many WordPress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS
SWF Vulnerable to XSS Bundled in Many WordPress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html 51250 XSS
Carousel Slideshow - Unspecified Vulnerabilities 50377 UNKNOWN 3.10
SWF Vulnerable to XSS Bundled in Many WordPress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS
SWF Vulnerable to XSS Bundled in Many WordPress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS
SWF Vulnerable to XSS Bundled in Many WordPress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS
SWF Vulnerable to XSS Bundled in Many WordPress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS
wp-homepage-slideshow - Arbitrary File Upload Vulnerability http://1337day.com/exploit/20260 UPLOAD
SWF Vulnerable to XSS Bundled in Many WordPress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS
Image News Slider 3.3 - Arbitrary File Upload Vulnerability 87375 http://1337day.com/exploit/20259 UPLOAD
Image News Slider 3.3 - Unspecified Vulnerabilities 84935 50390 UNKNOWN 3.4
Image News Slider 3.2 - Multiple Unspecified Remote Issues 81314 2012-4327 48747 http://www.securityfocus.com/bid/52977 http://xforce.iss.net/xforce/xfdb/74788 UNKNOWN 3.3
Image News Slider 3.1 - Multiple Unspecified Remote Issues 80310 48538 UNKNOWN 3.2
SWF Vulnerable to XSS Bundled in Many WordPress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS
Image Resizer - Cross Site Scripting http://packetstormsecurity.com/files/123651/ XSS
wp-levoslideshow - Arbitrary File Upload Vulnerability http://1337day.com/exploit/20250 UPLOAD
SWF Vulnerable to XSS Bundled in Many WordPress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS
SWF Vulnerable to XSS Bundled in Many WordPress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS
wp-powerplaygallery - Arbitrary File Upload Vulnerability http://1337day.com/exploit/20252 UPLOAD
SWF Vulnerable to XSS Bundled in Many WordPress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS
wp-royal-gallery - Arbitrary File Upload Vulnerability http://1337day.com/exploit/20261 UPLOAD
SWF Vulnerable to XSS Bundled in Many WordPress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS
SWF Vulnerable to XSS Bundled in Many WordPress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS
wp superb Slideshow - Full Path Disclosure http://1337day.com/exploit/19979 FPD
SWF Vulnerable to XSS Bundled in Many WordPress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS
SWF Vulnerable to XSS Bundled in Many WordPress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS
Ajax - Post Search Sql Injection http://seclists.org/bugtraq/2012/Nov/33 51205 http://www.girlinthemiddle.net/2012/10/sqli-vulnerability-in-ajax-post-search.html SQLI 1.3
Answer My Question 1.1 - record_question.php Multiple Parameter XSS 85567 50655 http://www.securityfocus.com/archive/1/524625/30/0/threaded http://seclists.org/bugtraq/2012/Nov/24 XSS 1.2
Spider Catalog - HTML Code Injection and Cross-site scripting http://packetstormsecurity.com/files/117820/ 51143 MULTI
Spider Catalog - Multiple SQL Injection and Cross Site Scripting Vulnerabilities http://www.securityfocus.com/bid/60079 MULTI
Spider Catalog 1.4.6 - Multiple Shortcode id Parameter SQL Injection 93589 25724 53491 http://seclists.org/bugtraq/2013/May/79 SQLI
Spider Catalog 1.4.6 - catalog.php catalog_after_search_results Function s Parameter SQL Injection 93590 25724 53491 http://seclists.org/bugtraq/2013/May/79 SQLI
Spider Catalog 1.4.6 - Categories.php Multiple Function id Parameter SQL Injection 93591 25724 53491 http://seclists.org/bugtraq/2013/May/79 SQLI
Spider Catalog 1.4.6 - products.php Multiple Function Multiple Parameter SQL Injection 93592 25724 53491 http://seclists.org/bugtraq/2013/May/79 SQLI
Spider Catalog 1.4.6 - Category Entry Multiple Field XSS 93593 25723 53491 http://seclists.org/bugtraq/2013/May/79 XSS
Spider Catalog 1.4.6 - Categories.html.php Multiple Parameter XSS 93594 25724 53491 http://seclists.org/bugtraq/2013/May/79 XSS
Spider Catalog 1.4.6 - Products.html.php Multiple Parameter XSS 93595 25724 53491 http://seclists.org/bugtraq/2013/May/79 XSS
Spider Catalog 1.4.6 - spiderBox/spiderBox.js.php Multiple Parameter XSS 93596 25724 53491 http://seclists.org/bugtraq/2013/May/79 XSS
Spider Catalog 1.4.6 - catalog.php spider_box_js_php Function Multiple Parameter XSS 93597 25724 53491 http://seclists.org/bugtraq/2013/May/79 XSS
Spider Catalog 1.4.6 - Multiple Script Direct Request Path Disclosure 93598 25724 53491 http://seclists.org/bugtraq/2013/May/79 FPD
Wordfence 3.8.6 - lib/IPTraf.php User-Agent Header Stored XSS 102445 56558 XSS 3.8.7
Wordfence 3.8.1 - lib/wordfenceClass.php isStrongPasswd Function Password Creation Restriction Bypass Weakness 102478 AUTHBYPASS 3.8.3
Wordfence 3.8.1 - wp-admin/admin.php whois Parameter Stored XSS 97884 http://packetstormsecurity.com/files/122993/ http://www.securityfocus.com/bid/62053 XSS 3.8.3
Wordfence 3.3.5 - XSS and IAA 86557 51055 http://seclists.org/fulldisclosure/2012/Oct/139 MULTI 3.3.7
Slideshow jQuery Image Gallery - Multiple Vulnerabilities http://www.waraxe.us/advisory-92.html MULTI
Slideshow - Multiple Script Insertion Vulnerabilities 51135 XSS
Social Discussions 6.1.1 - Multiple Script Direct Request Path Disclosure 86730 22158 http://xforce.iss.net/xforce/xfdb/79465 http://www.waraxe.us/advisory-93.html FPD
Social Discussions 6.1.1 - social-discussions-networkpub_ajax.php HTTP_ENV_VARS Parameter Remote File Inclusion 86731 22158 http://xforce.iss.net/xforce/xfdb/79464 http://www.waraxe.us/advisory-93.html RFI
ABtest - Directory Traversal http://scott-herbert.com/?p=140 UNKNOWN
BBPress - Multiple Script Malformed Input Path Disclosure 86399 22396 http://xforce.iss.net/xforce/xfdb/78244 http://packetstormsecurity.com/files/116123/ SQLI
BBPress - forum.php page Parameter SQL Injection 86400 22396 http://xforce.iss.net/xforce/xfdb/78244 http://packetstormsecurity.com/files/116123/ SQLI
NextGen Cu3er Gallery - Information Disclosure http://packetstormsecurity.com/files/116150/ UNKNOWN
Rich Widget - File Upload http://packetstormsecurity.com/files/115787/ UPLOAD
Monsters Editor - Shell Upload http://packetstormsecurity.com/files/115788/ UPLOAD
Quick Post Widget 1.9.1 - Multiple Cross-site scripting vulnerabilities http://seclists.org/bugtraq/2012/Aug/66 XSS
ThreeWP Email Reflector 1.13 - Subject Field XSS 2012-2572 85134 20365 XSS 1.16
SimpleMail 1.0.6 - Stored XSS 84534 2012-2579 20361 50208 XSS
Postie 1.4.3 - Stored XSS 84532 2012-2580 20360 50207 XSS 1.5.15
RSVPMaker 2.5.4 - index.php RSVP Form Multiple Field XSS 84749 50289 20474 XSS 2.5.5
Mz-jajak <= 2.1 - index.php id Parameter SQL Injection 84698 50217 20416 SQLI
Resume Submissions Job Posting 2.5.1 - Unrestricted File Upload 83807 49896 19791 http://packetstormsecurity.com/files/114716/ UPLOAD
WP-Predict 1.0 - Blind SQL Injection 83697 49843 19715 SQLI
Backup 2.0.1 - Information Disclosure 83701 50038 19524 UNKNOWN 2.1
MoodThingy Widget 0.8.7 - admin-ajax.php Multiple Parameter lydl_store_results Function SQL Injection 83632 49805 19572 SQLI
Paid Business Listings 1.0.2 - Form Submission pbl_listing_pkg_id Parameter SQL Injection 83768 19481 SQLI
Website FAQ 1.0 - wp-admin/admin-ajax.php category Parameter SQL injection 83265 49682 19400 SQLI
Fancy Gallery 1.2.4 - Shell Upload 83410 19398 http://packetstormsecurity.com/files/114114/ UPLOAD
Flip Book 1.0 - Shell Upload http://packetstormsecurity.com/files/114112/ UPLOAD
Ajax Multi Upload 1.1 - Shell Upload http://packetstormsecurity.com/files/114109/ UPLOAD
Schreikasten 0.14.13 - wp-admin/admin-ajax.php Multiple Parameter XSS 83152 49600 19294 XSS
Automatic 2.0.3 - csv.php q Parameter SQL Injection 82971 49573 19187 http://packetstormsecurity.com/files/113763/ SQLI 2.0.4
VideoWhisper Video Conference 4.51 - Arbitrary File Upload Vulnerability http://packetstormsecurity.com/files/113580/ UPLOAD
Video Whisper - XSS http://packetstormsecurity.com/files/122943/ XSS
VideoWhisper Live Streaming Integration 4.29.6 - videowhisper_streaming.php Multiple Parameter XSS 103871 http://packetstormsecurity.com/files/125430/ XSS
VideoWhisper Live Streaming Integration 4.27.3 - ls/vc_chatlog.php msg Parameter Stored XSS 103821 2014-1906 https://www.htbridge.com/advisory/HTB23199 XSS 4.29.5
VideoWhisper Live Streaming Integration 4.27.3 - ls/v_status.php ct Parameter Reflected XSS 103820 2014-1906 https://www.htbridge.com/advisory/HTB23199 XSS 4.29.5
VideoWhisper Live Streaming Integration 4.27.3 - ls/lb_logout.php message Parameter Reflected XSS 103819 2014-1906 https://www.htbridge.com/advisory/HTB23199 XSS 4.29.5
VideoWhisper Live Streaming Integration 4.27.3 - ls/videotext.php n Parameter Reflected XSS 103818 2014-1906 https://www.htbridge.com/advisory/HTB23199 XSS 4.29.5
VideoWhisper Live Streaming Integration 4.27.3 - ls/video.php n Parameter Reflected XSS 103817 2014-1906 https://www.htbridge.com/advisory/HTB23199 XSS 4.29.5
VideoWhisper Live Streaming Integration 4.27.3 - ls/htmlchat.php n Parameter Reflected XSS 103816 2014-1906 https://www.htbridge.com/advisory/HTB23199 XSS 4.29.5
VideoWhisper Live Streaming Integration 4.27.3 - ls/rtmp_logout.php s Parameter Path Traversal Remote File Deletion 103815 2014-1907 http://packetstormsecurity.com/files/125454/ https://www.htbridge.com/advisory/HTB23199 UNKNOWN 4.29.5
VideoWhisper Live Streaming Integration 4.27.3 - ls/channel.php n Parameter Reflected XSS 103814 2014-1906 https://www.htbridge.com/advisory/HTB23199 XSS 4.29.5
VideoWhisper Live Streaming Integration 4.27.3 - Error Message Unspecified Remote Information Disclosure 103428 UNKNOWN 4.29.5
VideoWhisper Live Streaming Integration 4.27.3 - Unspecified Path Traversal 103427 UNKNOWN 4.29.5
VideoWhisper Live Streaming Integration 4.27.3 - Unspecified XSS 103426 XSS 4.29.5
VideoWhisper Live Streaming Integration 4.27.3 - Unspecified File Upload Remote Code Execution 103425 RCE 4.29.5
VideoWhisper Live Streaming Integration < 4.27.2 - XSS vulnerability in ls/vv_login.php via room_name parameter 2014-4569 http://codevigilant.com/disclosure/wp-plugin-videowhisper-live-streaming-integration-a3-cross-site-scripting-xss/ XSS
VideoWhisper Live Streaming Integration - ls/htmlchat.php Multiple Parameter XSS 96593 2013-5714 54619 http://www.securityfocus.com/bid/61977 http://seclists.org/bugtraq/2013/Aug/163 XSS
Sitemile Auctions 2.0.1.3 - wp-content/plugins/auctionPlugin/upload.php File Upload PHP Code Execution 83075 49497 http://packetstormsecurity.com/files/113568/ UPLOAD
LB Mixed Slideshow 1.0 - Arbitrary File Upload Vulnerability http://packetstormsecurity.com/files/113844/ UPLOAD
Lim4wp 1.1.1 - Arbitrary File Upload Vulnerability http://packetstormsecurity.com/files/113846/ UPLOAD
Wp-ImageZoom 1.0.3 - Remote File Disclosure http://packetstormsecurity.com/files/113845/ UNKNOWN
Wp-ImageZoom - zoom.php id Parameter SQL Injection 87870 http://www.securityfocus.com/bid/56691 http://xforce.iss.net/xforce/xfdb/80285 SQLI
Invit0r 0.22 - Shell Upload http://packetstormsecurity.com/files/113639/ UPLOAD
Annonces 1.2.0.1 - Shell Upload http://packetstormsecurity.com/files/113637/ UPLOAD
Contus Video Gallery 1.3 - Arbitrary File Upload Vulnerability http://packetstormsecurity.com/files/113571/ UPLOAD
Contus HD FLV Player <= 1.3 - SQL Injection Vulnerability 17678 SQLI
Contus HD FLV Player 1.7 - Arbitrary File Upload Vulnerability http://packetstormsecurity.com/files/113570/ UPLOAD
User Meta Version 1.1.1 - Arbitrary File Upload Vulnerability 19052 UPLOAD
Top Quark Architecture 2.1.0 - lib/js/fancyupload/showcase/batch/script.php File Upload PHP Code Execution 82843 49465 19053 http://packetstormsecurity.com/files/113522/ UPLOAD
SFBrowser 1.4.5 - connectors/php/sfbrowser.php File Upload PHP Code Execution 82845 49466 19054 UPLOAD
SWF Vulnerable to XSS Bundled in Many WordPress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS
Pica Photo Gallery 1.0 - Arbitrary File Upload Vulnerability 19055 UPLOAD
PICA Photo Gallery 1.0 - Remote File Disclosure 19016 http://www.securityfocus.com/bid/53893 UNKNOWN
SWF Vulnerable to XSS Bundled in Many WordPress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS
Mac Photo Gallery - Two Security Bypass Security Issues 49923 AUTHBYPASS
Mac Photo Gallery - Multiple Script Insertion Vulnerabilities 49836 XSS 3.0
Mac Photo Gallery 2.7 - upload-file.php File Upload PHP Code Execution 82844 49468 19056 UPLOAD
drag and drop file upload 0.1 - Arbitrary File Upload Vulnerability 19057 UPLOAD
Custom Content Type Manager 0.9.5.13pl - upload_form.php File Upload PHP Code Execution 82904 19058 http://packetstormsecurity.com/files/113520/ UPLOAD
wp-gpx-max version 1.1.21 - Arbitrary File Upload 82900 2012-6649 19050 http://www.securityfocus.com/bid/53909 http://packetstormsecurity.org/files/113523/ UPLOAD 1.1.23
Front File Manager 0.1 - Arbitrary File Upload 19012 UPLOAD
Front End Upload 0.5.3 - Arbitrary File Upload 19008 UPLOAD
Front End Upload 0.5.4 - Arbitrary PHP File Upload 20083 UPLOAD
Omni Secure Files 0.1.13 - Arbitrary File Upload 19009 http://www.securityfocus.com/bid/53872 UPLOAD
Easy Contact Forms Export 1.1.0 - Information Disclosure Vulnerability 19013 UNKNOWN
Plugin Newsletter 1.5 - Remote File Disclosure Vulnerability 82703 2012-3588 49464 19018 http://packetstormsecurity.org/files/113413/ UNKNOWN
RBX Gallery 2.1 - uploader.php File Upload PHP Code Execution 82796 2012-3575 49463 19019 http://packetstormsecurity.com/files/113414/ http://xforce.iss.net/xforce/xfdb/76170 UPLOAD
Simple Download Button Shortcode 1.0 - Remote File Disclosure 19020 UNKNOWN
Thinkun Remind 1.1.3 - Remote File Disclosure 19021 UNKNOWN
Tinymce Thumbnail Gallery 1.0.7 - download-image.php href Parameter Traversal Arbitrary File Access 82706 49460 19022 http://packetstormsecurity.org/files/113417/ UNKNOWN
wpStoreCart 2.5.27-2.5.29 - Arbitrary File Upload 19023 UPLOAD
Gallery 3.06 - gallery-plugin/upload/php.php File Upload PHP Code Execution 82661 18998 UPLOAD
Gallery Plugin 3.8.3 - gallery-plugin.php filename_1 Parameter Arbitrary File Access 89124 http://packetstormsecurity.com/files/119458/ http://www.securityfocus.com/bid/57256 http://seclists.org/bugtraq/2013/Jan/45 LFI
Font Uploader 1.2.4 - Arbitrary File Upload 18994 82657 2012-3814 http://www.securityfocus.com/bid/53853 UPLOAD
WP Property <= 1.38.3.2 - Non-administrative User XMLI Remote Information Disclosure 102709 UNKNOWN 1.38.4
WP Property <= 1.35.0 - Arbitrary File Upload 82656 18987 23651 49394 http://packetstormsecurity.com/files/113274/ UPLOAD
WP Marketplace 1.5.0-1.6.1 - Arbitrary File Upload 18988 UPLOAD
WP Marketplace 1.2.1 - File Enumeration Weakness and File Upload Vulnerabilities http://www.securityfocus.com/bid/52960 UPLOAD 1.2.2
Google Maps via Store Locator - Multiple Vulnerabilities 18989 MULTI
store-locator-le - SQL Injection 51757 SQLI 3.8.7
HTML5 AV Manager 0.2.7 - Arbitrary File Upload 18990 http://www.securityfocus.com/bid/53804 UPLOAD
Foxypress 0.4.1.1-0.4.2.1 - Arbitrary File Upload http://packetstormsecurity.com/files/113576/ http://www.securityfocus.com/bid/53805 18991 19100 UPLOAD
FoxyPress 0.4.2.5 - XSS, CSRF, SQL Injection http://packetstormsecurity.com/files/117768/ 51109 MULTI
FoxyPress 0.4.2.5 - documenthandler.php prefix Parameter SQL Injection 86804 22374 http://xforce.iss.net/xforce/xfdb/79698 SQLI
FoxyPress 0.4.2.5 - foxypress-manage-emails.php id Parameter SQL Injection 86805 22374 http://xforce.iss.net/xforce/xfdb/79697 SQLI
FoxyPress 0.4.2.5 - inventory-category.php Multiple Parameter SQL Injection 86806 22374 http://xforce.iss.net/xforce/xfdb/79697 SQLI
FoxyPress 0.4.2.5 - reports.php Multiple Parameter XSS 86807 22374 http://xforce.iss.net/xforce/xfdb/79699 XSS
FoxyPress 0.4.2.5 - foxypress-affiliate.php aff_id Parameter XSS 86808 22374 http://xforce.iss.net/xforce/xfdb/79699 XSS
FoxyPress 0.4.2.5 - affiliate-management.php Multiple Parameter SQL Injection 86809 22374 http://xforce.iss.net/xforce/xfdb/79697 SQLI
FoxyPress 0.4.2.5 - foxypress-manage-emails.php id Parameter XSS 86810 22374 http://xforce.iss.net/xforce/xfdb/79699 XSS
FoxyPress 0.4.2.5 - order-management.php status Parameter XSS 86811 22374 http://xforce.iss.net/xforce/xfdb/79699 XSS
FoxyPress 0.4.2.5 - affiliate-management.php page Parameter XSS 86812 22374 http://xforce.iss.net/xforce/xfdb/79699 XSS
FoxyPress 0.4.2.5 - foxypress-affiliate.php url Parameter Arbitrary Site Redirect 86813 22374 http://xforce.iss.net/xforce/xfdb/79700 UNKNOWN
FoxyPress 0.4.2.5 - Multiple CSV File Direct Request Information Disclosure 86814 22374 http://xforce.iss.net/xforce/xfdb/79701 UNKNOWN
FoxyPress 0.4.2.5 - ajax.php Access Restriction Multiple Command Execution 86815 22374 http://xforce.iss.net/xforce/xfdb/79703 RCE
FoxyPress 0.4.2.5 - Multiple Script Direct Request Path Disclosure 86816 22374 http://xforce.iss.net/xforce/xfdb/79704 FPD
FoxyPress 0.4.2.5 - Multiple Object Deletion CSRF 86817 22374 http://xforce.iss.net/xforce/xfdb/79702 CSRF
FoxyPress 0.4.2.5 - documenthandler.php File Upload Arbitrary Code Execution 86818 22374 http://xforce.iss.net/xforce/xfdb/79697 RCE
Track That Stat <= 1.0.8 - Cross Site Scripting http://packetstormsecurity.com/files/112722/ http://www.securityfocus.com/bid/53551 XSS
WP-Facethumb Gallery <= 0.1 - Reflected Cross Site Scripting http://packetstormsecurity.com/files/112658/ XSS
Survey And Quiz Tool <= 2.9.2 - Cross Site Scripting http://packetstormsecurity.com/files/112685/ XSS
WP Statistics <= 2.2.4 - Cross Site Scripting http://packetstormsecurity.com/files/112686/ XSS
WP Easy Gallery <= 2.7 - CSRF 49190 https://plugins.trac.wordpress.org/changeset?reponame=&old=669527@wp-easy-gallery&new=669527@wp-easy-gallery CSRF 2.7.3
WP Easy Gallery 2.7 - admin/overview.php galleryId Parameter SQL Injection 105012 SQLI 2.7.1
WP Easy Gallery 2.7 - admin/add-images.php Multiple Parameter SQL Injection 105013 SQLI 2.7.1
WP Easy Gallery 2.7 - Multiple Admin Function CSRF 105014 CSRF 2.7.1
WP Easy Gallery <= 1.7 - Cross Site Scripting 49190 http://packetstormsecurity.com/files/112687/ XSS 2.7.3
Subscribe2 <= 8.0 - Cross Site Scripting 49189 http://packetstormsecurity.com/files/112688/ http://www.securityfocus.com/bid/53538 XSS 8.1
Soundcloud Is Gold <= 2.1 - 'action' Parameter Cross Site Scripting Vulnerability 49188 http://packetstormsecurity.com/files/112689/ http://www.securityfocus.com/bid/53537 2012-6624 XSS
Sharebar <= 1.2.5 - sharebar-admin.php page Parameter XSS 98078 http://packetstormsecurity.com/files/123365/ XSS
Sharebar <= 1.2.5 - Button Manipulation CSRF 94843 2013-3491 52948 http://www.securityfocus.com/bid/60956 CSRF
Sharebar 1.2.3 - wp-admin/options-general.php status Parameter XSS 81465 48908 XSS
Sharebar <= 1.2.1 - SQL Injection / Cross Site Scripting http://packetstormsecurity.com/files/112690/ MULTI 1.2.2
Share And Follow <= 1.80.3 - Cross Site Scripting http://packetstormsecurity.com/files/112691/ XSS
SABRE <= 1.2.0 - Cross Site Scripting http://packetstormsecurity.com/files/112692/ XSS
Pretty Link Lite <= 1.5.2 - Cross Site Scripting http://packetstormsecurity.com/files/112693/ XSS
Pretty Link Lite <= 1.6.1 - Cross Site Scripting 50980 XSS
pretty-link - XSS in SWF http://seclists.org/bugtraq/2013/Feb/100 http://packetstormsecurity.com/files/120433/ 2013-1636 XSS
Newsletter Manager <= 1.0.2 - Cross Site Scripting 49183 http://packetstormsecurity.com/files/112694/ 2012-6628 XSS 1.0.2
Newsletter Manager 1.0.2 - Cross Site Scripting & Cross-Site Request Forgery 49152 2012-6627 2012-6629 MULTI
Network Publisher <= 5.0.1 - Cross Site Scripting http://packetstormsecurity.com/files/112695/ XSS
LeagueManager <= 3.7 - wp-admin/admin.php Multiple Parameter XSS 82266 49949 http://packetstormsecurity.com/files/112698/ http://www.securityfocus.com/bid/53525 http://xforce.iss.net/xforce/xfdb/75629 XSS
LeagueManager 3.8 - SQL Injection 91442 24789 2013-1852 SQLI
Leaflet <= 0.0.1 - Cross Site Scripting http://packetstormsecurity.com/files/112699/ XSS
PDF And Print Button Joliprint <= 1.3.0 - Cross Site Scripting http://packetstormsecurity.com/files/112700/ XSS
IFrame Admin Pages <= 0.1 - Cross Site Scripting http://packetstormsecurity.com/files/112701/ XSS
EZPZ One Click Backup <= 12.03.10 - OS Command Injection 106511 2014-3114 http://www.openwall.com/lists/oss-security/2014/05/01/11 RCE
EZPZ One Click Backup <= 12.03.10 - Cross Site Scripting http://packetstormsecurity.com/files/112705/ XSS
Dynamic Widgets <= 1.5.1 - Cross Site Scripting http://packetstormsecurity.com/files/112706/ XSS
Download Monitor <= 3.3.6.1 - wp-admin/admin.php Multiple Parameter XSS (Note: This plugin changed its version numbering, this may produce false positive) 95613 2013-5098 2013-3262 53116 http://www.securityfocus.com/bid/61407 http://xforce.iss.net/xforce/xfdb/85921 XSS 3.3.6.2
Download Monitor <= 3.3.5.7 - index.php dlsearch Parameter XSS (Note: This plugin changed its version numbering, this may produce false positive) 85319 2012-4768 50511 http://www.reactionpenetrationtesting.co.uk/wordpress-download-monitor-xss.html XSS 3.3.5.9
Download Monitor <= 3.3.5.4 - Cross Site Scripting (Note: This plugin changed its version numbering, this may produce false positive) http://packetstormsecurity.com/files/112707/ XSS
Download Monitor 2.0.6 - wp-download_monitor/download.php id Parameter SQL Injection (Note: This plugin changed its version numbering, this may produce false positive) 44616 2008-2034 29876 SQLI 2.0.8
Download Manager 2.5.8 - Download Package file Parameter Stored XSS 101143 2013-7319 55969 http://www.securityfocus.com/bid/64159 XSS 2.5.9
Download Manager <= 2.2.2 - admin.php cid Parameter XSS 81449 48927 http://packetstormsecurity.com/files/112708/ XSS 2.2.3
Code Styling Localization <= 1.99.17 - Cross Site Scripting 49037 http://packetstormsecurity.com/files/112709/ XSS 1.99.20
Catablog <= 1.6 - Cross Site Scripting http://packetstormsecurity.com/files/112619/ XSS
Bad Behavior <= 2.24 - Cross Site Scripting http://packetstormsecurity.com/files/112619/ XSS
BulletProof Security <= 0.47 - Cross Site Scripting http://packetstormsecurity.com/files/112618/ XSS
BulletProof Security - Security Log Script Insertion Vulnerability 95928 95929 95930 2013-3487 53614 XSS 0.49
Better WP Security 3.6.3 - Online Backup Storage current_time Function Brute Force Disclosure 103358 http://packetstormsecurity.com/files/125219/ XSS
Better WP Security 3.6.3 - /wp-admin/admin-ajax.php license Parameter Stored XSS Weakness 103357 http://packetstormsecurity.com/files/125219/ XSS
Better WP Security 3.5.5 - inc/admin/content.php id_specialfile Parameter Stored XSS 101788 XSS 3.5.6
Better WP Security <= 3.5.3 - inc/secure.php logevent Function URL Handling Stored XSS 95884 54299 27290 http://packetstormsecurity.com/files/122615/ https://github.com/wpscanteam/wpscan/issues/251 http://www.securityfocus.com/archive/1/527634/30/0/threaded XSS 3.5.4
Better WP Security 3.4.3
- Multiple XSS http://seclists.org/bugtraq/2012/Oct/9 XSS 3.4.4 Better WP Security <= 3.2.4 - Cross Site Scripting http://packetstormsecurity.com/files/112617/ XSS 3.2.5 Custom Contact Forms <= 5.0.0.1 - Cross Site Scripting http://packetstormsecurity.com/files/112616/ XSS 2-Click-Socialmedia-Buttons <= 0.34 - Cross Site Scripting http://packetstormsecurity.com/files/112615/ XSS 2-Click-Socialmedia-Buttons <= 0.32.2 - Cross Site Scripting 49181 http://packetstormsecurity.com/files/112711/ XSS 0.35 Login With Ajax - Cross Site Scripting 49013 XSS 3.0.4.1 Login With Ajax - Cross-Site Request Forgery Vulnerability 93031 2013-2707 52950 CSRF 3.1 Media Library Categories <= 1.0.6 - SQL Injection Vulnerability 17628 SQLI Media Library Categories <= 1.1.1 - Cross Site Scripting http://packetstormsecurity.com/files/112697/ 2012-6630 SQLI FCKeditor Deans With Pwwangs Code <= 1.0.0 - Remote Shell Upload http://packetstormsecurity.com/files/111319/ RFI Zingiri Web Shop 2.6.5 - fwkfor/ajax/uploadfilexd.php Unspecified Issue 103554 UNKNOWN 2.6.6 Zingiri Web Shop 2.6.4 - mform.php Unspecified Issue 101717 56230 UNKNOWN 2.6.5 Zingiri Web Shop 2.5.0 - ajaxfilemanager.php path Parameter File Upload Arbitrary Code Execution 87833 http://packetstormsecurity.com/files/118318/ http://www.securityfocus.com/bid/56659 http://xforce.iss.net/xforce/xfdb/80257 RCE Zingiri Web Shop 2.4.3 - Shell Upload http://packetstormsecurity.com/files/113668/ UPLOAD Zingiri Web Shop - Cookie SQL Injection Vulnerability 49398 SQLI 2.4.8 Zingiri Web Shop <= 2.4.0 - zing.inc.php page Parameter XSS 81492 2012-6506 18787 48991 http://www.securityfocus.com/bid/53278 http://xforce.iss.net/xforce/xfdb/75178 XSS 2.4.2 Zingiri Web Shop <= 2.4.0 - onecheckout.php notes Parameter XSS 81493 2012-6506 18787 48991 http://www.securityfocus.com/bid/53278 http://xforce.iss.net/xforce/xfdb/75179 XSS 2.4.2 Zingiri Web Shop <= 2.3.5 - Cross Site Scripting http://packetstormsecurity.com/files/112684/ XSS Organizer 1.2.1 - 
Cross Site Scripting / Path Disclosure http://packetstormsecurity.com/files/112086/ http://packetstormsecurity.com/files/113800/ MULTI Zingiri Tickets 2.1.2 - Unspecified Issue 105015 UNKNOWN 2.1.3 Zingiri Tickets - File Disclosure http://packetstormsecurity.com/files/111904/ UNKNOWN CMS Tree Page View 1.2.4 - Page Creation CSRF 91270 52581 CSRF 1.2.5 CMS Tree Page View 0.8.8 - XSS vulnerability 80573 48510 https://www.htbridge.com/advisory/HTB23083 http://www.securityfocus.com/bid/52708 http://xforce.iss.net/xforce/xfdb/74337 XSS 0.8.9 All-in-One Event Calendar 1.4 - Multiple XSS vulnerabilities http://seclists.org/bugtraq/2012/Apr/70 XSS All-in-One Event Calendar 1.9 - wp-admin/post-new.php Multiple Parameter XSS 96271 54038 http://www.firefart.net/sql-injection-and-xss-in-all-in-one-event-calendar-wordpress-plugin/ XSS 1.10 All-in-One Event Calendar 1.9 - index.php Multiple Parameter SQL Injection 96272 54038 http://www.firefart.net/sql-injection-and-xss-in-all-in-one-event-calendar-wordpress-plugin/ SQLI 1.10 Buddypress <= 1.9.1 - Crafted bp_new_group_id Cookie Arbitrary Group Manipulation 103308 2014-1889 56950 31571 http://packetstormsecurity.com/files/125213/ UNKNOWN 1.9.2 Buddypress <= 1.9.1 - groups/create/step/group-details/ Group Name Field Stored XSS 103307 2014-1888 56950 http://packetstormsecurity.com/files/125212/ XSS 1.9.2 BuddyPress 1.7.1 - bp-activity-classes.php Multiple Parameter SQL Injection 104761 SQLI 1.7.2 BuddyPress 1.7.1 - bp-blogs-classes.php Multiple Parameter SQL Injection 104761 SQLI 1.7.2 BuddyPress 1.7.1 - bp-friends/bp-friends-classes.php Multiple Parameter SQL Injection 104760 SQLI 1.7.2 BuddyPress 1.7.1 - bp-core/bp-core-classes.php Multiple Parameter SQL Injection 104759 SQLI 1.7.2 BuddyPress 1.7.1 - bp-core/bp-core-functions.php page_ids Parameter SQL Injection 104758 SQLI 1.7.2 BuddyPress 1.7.1 - bp-core/bp-core-filters.php user_ids Parameter SQL Injection 104757 SQLI 1.7.2 BuddyPress 1.7.1 - bp-core/bp-core-cache.php 
object_ids Parameter SQL Injection 104755 SQLI 1.7.2 Buddypress - player.swf / jwplayer.swf playerready Parameter XSS 88886 http://packetstormsecurity.com/files/119020/ http://xforce.iss.net/xforce/xfdb/80840 XSS Buddypress <= 1.5.4 - wp-load.php exclude Parameter SQL Injection 80763 18690 SQLI 1.5.5 BuddyPress 1.2.9 - groups/test-group/activity/ activity_ids Parameter SQL Injection 104756 SQLI 1.2.10 Register Plus Redux <= 3.8.3 - Cross Site Scripting http://packetstormsecurity.com/files/111367/ XSS Magn WP Drag and Drop <= 1.1.4 - Upload Shell Upload Vulnerability http://packetstormsecurity.com/files/110103/ UPLOAD Kish Guest Posting 1.0 - Arbitrary File Upload 18412 RFI AllWebMenus Shell Upload <= 1.1.9 - Shell Upload http://packetstormsecurity.com/files/108946/ RFI AllWebMenus 1.1.3 - Remote File Inclusion 17861 RFI Shortcode Redirect <= 1.0.01 - Stored Cross Site Scripting http://packetstormsecurity.com/files/108914/ XSS uCan Post <= 1.0.09 - Stored XSS 18390 XSS WP Cycle Playlist - Multiple Vulnerabilities http://1337day.com/exploit/17396 MULTI myEASYbackup 1.0.8.1 - Directory Traversal http://packetstormsecurity.com/files/108711/ UNKNOWN Count per Day 3.2.5 - wp-admin/index.php daytoshow Parameter XSS 90893 52436 http://packetstormsecurity.com/files/120649/ XSS Count per Day 3.2.5 - counter.php HTTP Referer Header XSS 91491 24859 http://packetstormsecurity.com/files/120870/ XSS Count Per Day 3.2.3 - notes.php Malformed Requests Remote DoS 90833 http://packetstormsecurity.com/files/120631/ http://seclists.org/fulldisclosure/2013/Mar/43 UNKNOWN Count Per Day 3.2.3 - Multiple Script Direct Request Path Disclosure 90832 http://packetstormsecurity.com/files/120631/ http://seclists.org/fulldisclosure/2013/Mar/43 FPD Count Per Day 3.2.3 - notes.php note Parameter XSS 84933 20862 50450 http://packetstormsecurity.com/files/115904/ XSS Count Per Day 3.2.2 - notes.php note Parameter XSS 84920 50419 XSS 3.2.3 Count Per Day 3.1.1 - userperspan.php Multiple Parameter XSS 
83491 2012-3434 49692 http://packetstormsecurity.com/files/114787/ http://www.securityfocus.com/bid/54258 XSS 3.2 Count Per Day <= 3.1 - download.php f Parameter Traversal Arbitrary File Access 78270 18355 47529 http://xforce.iss.net/xforce/xfdb/72385 http://packetstormsecurity.org/files/108631/ UNKNOWN 3.1.1 Count Per Day <= 3.1 - map.php map Parameter XSS 78271 18355 47529 http://xforce.iss.net/xforce/xfdb/72385 http://packetstormsecurity.org/files/108631/ XSS 3.1.1 Count per Day <= 2.17 - SQL Injection Vulnerability 75598 17857 46051 SQLI 3.0 WP-AutoYoutube <= 0.1 - Blind SQL Injection Vulnerability http://1337day.com/exploit/17368 SQLI Age Verification <= 0.4 - Open Redirect 18350 REDIRECT Yousaytoo Auto Publishing <= 1.0 - Cross Site Scripting http://packetstormsecurity.com/files/108470/ XSS Pay With Tweet <= 1.1 - Multiple Vulnerabilities 18330 MULTI Whois Search <= 1.4.2 - Cross Site Scripting http://packetstormsecurity.com/files/108271/ XSS UPM-POLLS 1.0.4 - BLIND SQL injection 18231 SQLI Disqus <= 2.75 - Remote Code Execution Vuln http://blog.sucuri.net/2014/06/anatomy-of-a-remote-code-execution-bug-on-disqus.html RCE 2.76 Disqus Comment System <= 2.68 - Reflected Cross-Site Scripting (XSS) http://www.ethicalhack3r.co.uk/security/wordpress-plugin-disqus-comment-system-xss/ XSS 2.69 Disqus Blog Comments - Blind SQL Injection Vulnerability 85935 20913 SQLI Google reCAPTCHA <= 3.1.3 - Reflected XSS Vulnerability http://security-sh3ll.blogspot.com/2011/12/google-recaptcha-wordpress-plugin.html XSS 3.1.4 Link Library 5.8.0.9 - Multiple Unspecified Issues 102842 MULTI 5.8.1 Link Library 5.1.6 - link-library-ajax.php Multiple Parameter SQL Injection 102804 SQLI 5.1.7 Link Library 5.0.8 - wp-content/plugins/link-library/tracker.php id Parameter XSS 74561 45588 XSS 5.0.9 Link Library 5.0.8 - wp-content/plugins/link-library/tracker.php id Parameter SQL Injection 74562 45588 SQLI 5.0.9 Link Library <= 5.2.1 - SQL Injection 84579 17887 SQLI 5.7.9.7 CevherShare 2.0 - 
SQL Injection Vulnerability 17891 SQLI meenews 5.1 - Cross-Site Scripting Vulnerabilities http://seclists.org/bugtraq/2011/Nov/151 XSS Click Desk Live Support Chat - Cross Site Scripting Vulnerability http://seclists.org/bugtraq/2011/Nov/148 XSS 2.0 adminimize 1.7.21 - 'page' Parameter Cross Site Scripting Vulnerability 2011-4926 http://www.securityfocus.com/bid/50745 http://seclists.org/bugtraq/2011/Nov/135 XSS 1.7.22 Advanced Text Widget <= 2.0.0 - Cross Site Scripting Vulnerability http://seclists.org/bugtraq/2011/Nov/133 XSS MM Duplicate <= 1.2 - SQL Injection Vulnerability 17707 SQLI Menu Creator <= 1.1.7 - SQL Injection Vulnerability 17689 SQLI Allow PHP in Posts and Pages <= 2.0.0.RC2 - SQL Injection Vulnerability 17688 SQLI 2.1.0 Global Content Blocks <= 1.2 - SQL Injection Vulnerability 17687 SQLI Ajax Gallery <= 3.0 - SQL Injection Vulnerability 17686 SQLI WP DS FAQ <= 1.3.2 - ajax.php id Parameter SQL Injection 74574 45640 17683 SQLI WP DS FAQ Plus 1.0.12 - Multiple Unspecified Issues 106614 MULTI 1.0.13 WP DS FAQ Plus 1.0.11 - Multiple Unspecified Issues 106615 MULTI 1.0.12 WP DS FAQ Plus 1.0.3 - Multiple Unspecified CSRF 106618 CSRF 1.0.3 WP DS FAQ Plus - Unspecified SQL Injection 106724 SQLI 1.0.0 OdiHost Newsletter <= 1.0 - SQL Injection Vulnerability 17681 SQLI Easy Contact Form Lite <= 1.0.7 - SQL Injection Vulnerability 17680 SQLI WP Symposium 13.04 - invite.php u Parameter Arbitrary Site Redirect 92274 2013-2694 52925 REDIRECT WP Symposium 13.02 - wp-symposium/invite.php u Parameter XSS 92275 2013-2695 52864 XSS 13.04 WP Symposium <= 12.09 - ajax/symposium_groups_functions.php gid Parameter SQL Injection 89455 50674 http://www.securityfocus.com/bid/57478 http://ceriksen.com/2013/02/18/wp-symposium-multiple-sql-injection/ SQLI 12.12 WP Symposium <= 12.09 - index.php uid Parameter SQL Injection 89456 50674 http://www.securityfocus.com/bid/57478 http://ceriksen.com/2013/02/18/wp-symposium-multiple-sql-injection/ SQLI 12.12 WP Symposium <= 12.09 - 
ajax/symposium_profile_functions.php friend_to Parameter SQL Injection 89457 50674 http://www.securityfocus.com/bid/57478 http://ceriksen.com/2013/02/18/wp-symposium-multiple-sql-injection/ SQLI 12.12 WP Symposium <= 12.09 - ajax/symposium_forum_functions.php Multiple Parameter SQL Injection 89458 50674 http://www.securityfocus.com/bid/57478 http://ceriksen.com/2013/02/18/wp-symposium-multiple-sql-injection/ SQLI 12.12 WP Symposium <= 12.09 - get_album_item.php size Parameter SQL Injection 89459 50674 http://www.securityfocus.com/bid/57478 http://ceriksen.com/2013/02/18/wp-symposium-multiple-sql-injection/ SQLI 12.12 WP Symposium <= 12.07.07 - ajax/symposium_ajax_functions.php Authentication Bypass 83696 49791 AUTHBYPASS WP Symposium <= 12.06.16 - ajax/symposium_forum_functions.php tid Parameter SQL Injection 83662 49534 SQLI 12.07.01 WP Symposium <= 12.06.16 - ajax/symposium_group_functions.php uid1 Parameter SQL Injection 83663 49534 SQLI 12.07.01 WP Symposium <= 12.06.16 - ajax/symposium_bar_functions.php chat_to Parameter SQL Injection 83668 49534 SQLI 12.07.01 WP Symposium <= 12.06.16 - ajax/symposium_mail_functions.php Multiple Parameter SQL Injection 83675 49534 SQLI 12.07.01 WP Symposium <= 11.11.26 - uploadify/upload_admin_avatar.php File Upload Remote PHP Code Execution 78041 2011-5051 46097 http://xforce.iss.net/xforce/xfdb/72012 RCE 11.12.24 WP Symposium <= 11.11.26 - uploadify/upload_profile_avatar.php File Upload Remote PHP Code Execution 78042 2011-5051 46097 http://xforce.iss.net/xforce/xfdb/72012 RCE 11.12.24 WP Symposium <= 11.11.26 - uploadify/get_profile_avatar.php uid Parameter XSS 77634 2011-3841 47243 http://www.securityfocus.com/bid/51017 http://xforce.iss.net/xforce/xfdb/71748 XSS 11.12.08 WP Symposium <= 0.64 - uploadify/get_profile_avatar.php uid Parameter SQL Injection 74664 47243 17679 SQLI 11.08.18 File Groups <= 1.1.2 - SQL Injection Vulnerability 17677 SQLI IP-Logger <= 3.0 - SQL Injection Vulnerability 17673 SQLI Beer Recipes 1.0 - 
XSS 17453 SQLI Is-human <= 1.4.2 - Remote Command Execution Vulnerability 17299 RCE EditorMonkey - (FCKeditor) Arbitrary File Upload 17284 UPLOAD SermonBrowser 0.43 - SQL Injection 17214 SQLI Ajax Category Dropdown 0.1.5 - Multiple Vulnerabilities 17207 MULTI WP Custom Pages 0.5.0.1 - LFI Vulnerability 17119 LFI SWF Vulnerable to XSS Bundled in Many WordPress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS GRAND Flash Album Gallery 2.70- "s" Cross-Site Scripting Vulnerability 93714 2013-3261 53111 XSS 2.72 GRAND Flash Album Gallery 2.55 - "gid" SQL Injection Vulnerability 93087 53356 SQLI 2.56 GRAND Flash Album Gallery - Multiple Vulnerabilities 51100 MULTI 2.17 GRAND Flash Album Gallery 1.9.0 and 2.0.0 - Multiple Vulnerabilities 51601 http://packetstormsecurity.com/files/117665/ http://www.waraxe.us/advisory-94.html MULTI GRAND Flash Album Gallery <= 1.71 - wp-admin/admin.php skin Parameter XSS 81923 http://packetstormsecurity.com/files/112704/ XSS 1.76 GRAND Flash Album Gallery <= 1.56 - XSS Vulnerability http://seclists.org/bugtraq/2011/Nov/186 XSS GRAND Flash Album Gallery 0.55 - lib/hitcounter.php pid Parameter SQL Injection 71072 43648 16947 SQLI GRAND Flash Album Gallery 0.55 - admin/news.php want2Read Parameter Traversal Arbitrary File Access 71073 43648 16947 UNKNOWN PHP Speedy <= 0.5.2 - (admin_container.php) Remote Code Exec Exploit 16273 RCE OPS Old Post Spinner 2.2.1 - LFI Vulnerability 16251 LFI jQuery Mega Menu 1.0 - Local File Inclusion 16250 LFI IWantOneButton 3.0.1 - Multiple Vulnerabilities 16236 MULTI WP Forum Server <= 1.7.3 - wpf-insert.php edit_post_id Parameter SQL Injection 75463 2012-6625 45974 http://packetstormsecurity.com/files/112703/ SQLI 1.7.4 WP Forum Server <= 1.7.3 - fs-admin/wpf-add-forum.php groupid Parameter XSS 102185 2012-6623 49167 http://packetstormsecurity.com/files/112703/ http://www.securityfocus.com/bid/65215 XSS WP Forum Server <= 1.7.3 - fs-admin/fs-admin.php Multiple Parameter XSS 
81914 2012-6622 49155 http://packetstormsecurity.com/files/112703/ XSS WP Forum Server <= 1.7 - SQL Injection Vulnerability 17828 SQLI WP Forum Server 1.6.5 - feed.php topic Parameter SQL Injection 70994 2011-1047 43306 16235 http://www.securityfocus.com/bid/46360 http://www.securityfocus.com/bid/46362 SQLI WP Forum Server 1.6.5 - index.php Multiple Parameter SQL Injection 70993 2011-1047 43306 16235 http://www.securityfocus.com/bid/46362 SQLI Relevanssi 3.2 - Unspecified SQL Injection 104014 56641 http://www.securityfocus.com/bid/65960 SQLI 3.3 Relevanssi 2.7.2 - Stored XSS Vulnerability 71236 43461 16233 XSS 2.7.3 GigPress 2.1.10 - Stored XSS Vulnerability 16232 XSS Comment Rating 2.9.32 - Security Bypass Weakness and SQL Injection 90676 24552 52348 http://packetstormsecurity.com/files/120569/ MULTI Comment Rating 2.9.23 - Multiple Vulnerabilities 71044 43406 16221 MULTI 2.9.24 Z-Vote 1.1 - SQL Injection Vulnerability 16218 SQLI User Photo - Component Remote File Upload Vulnerability 16181 71071 UPLOAD 0.9.5 Enable Media Replace - Multiple Vulnerabilities 16144 MULTI Mingle Forum <= 1.0.32.1 - Cross Site Scripting / SQL Injection http://packetstormsecurity.com/files/108915/ MULTI Mingle Forum <= 1.0.31 - SQL Injection Vulnerability 17894 SQLI Mingle Forum <= 1.0.26 - Multiple Vulnerabilities 15943 MULTI Mingle Forum <= 1.0.33 - Cross Site Scripting 49171 http://packetstormsecurity.com/files/112696/ XSS 1.0.33.2 Mingle Forum 1.0.33.3 - fs-admin.php togroupusers Parameter XSS 90432 2013-0734 52167 XSS 1.0.34 Mingle Forum 1.0.33.3 - wpf.class.php search_words Parameter XSS 90433 2013-0734 52167 XSS 1.0.34 Mingle Forum 1.0.33.3 - wpf.class.php Multiple Parameter SQL Injection 90434 2013-0735 52167 SQLI 1.0.34 Mingle Forum 1.0.35 - Privilege Escalation CSRF 96905 2013-0736 47687 CSRF Accept Signups 0.1 - XSS 15808 XSS Events Manager Extended - Persistent XSS Vulnerability 14923 XSS NextGEN Smooth Gallery - Blind SQL Injection Vulnerability 14541 SQLI NextGen Smooth 
Gallery - XSS http://packetstormsecurity.com/files/123074/ XSS myLDlinker - SQL Injection Vulnerability 14441 SQLI Firestats - Remote Configuration File Download 14308 UNKNOWN Simple Press - SQL Injection Vulnerability 14198 SQLI Cimy Counter - Vulnerabilities 14057 MULTI NextGEN Gallery & 2.0.66 - Arbitrary File Upload (the user must have upload privileges) http://packetstormsecurity.com/files/127340/wpnextgen2063-shell.txt UPLOAD 2.0.66 NextGEN Gallery 2.0.0 - Directory Traversal 103473 http://seclists.org/fulldisclosure/2014/Feb/171 https://security.dxw.com/advisories/directory-traversal-in-nextgen-gallery-2-0-0/ UNKNOWN 2.0.7 NextGEN Gallery - SWF Vulnerable to XSS http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html 51271 XSS 1.9.8 NextGEN Gallery - swfupload.swf Multiple Cross Site Scripting Vulnerabilities http://www.securityfocus.com/bid/60433 MULTI NextGEN Gallery 1.9.12 - Arbitrary File Upload 94232 2013-3684 http://wordpress.org/plugins/nextgen-gallery/changelog/ UPLOAD 1.9.13 NextGEN Gallery 1.9.11 - xml/json.php Crafted Request Parsing Path Disclosure 90242 2013-0291 52137 UNKNOWN NextGEN Gallery 1.9.5 - gallerypath Parameter Stored XSS 97690 XSS NextGEN Gallery <= 1.9.0 - admin/manage-galleries.php paged Parameter XSS 78363 47588 XSS 1.9.1 NextGEN Gallery <= 1.9.0 - admin/manage-images.php paged Parameter XSS 78364 47588 XSS 1.9.1 NextGEN Gallery <= 1.9.0 - admin/manage.php Multiple Parameter XSS 78365 47588 XSS 1.9.1 NextGEN Gallery <= 1.8.3 - wp-admin/admin.php search Parameter XSS 76576 46602 XSS 1.8.4 NextGEN Gallery <= 1.8.3 - Tag Deletion CSRF 76577 46602 CSRF 1.8.4 NextGEN Gallery <= 1.7.3 - xml/ajax.php Path Disclosure 72023 FPD 1.7.4 NextGEN Gallery <= 1.5.1 - xml/media-rss.php mode Parameter XSS 63574 12098 39341 http://www.securityfocus.com/bid/39250 XSS 1.5.2 Copperleaf Photolog - SQL injection 11458 SQLI Events Calendar - SQL Injection Vulnerability 10929 95677 SQLI 6.7.10 Events Calendar - wp-admin/admin.php EC_id 
Parameter XSS 74705 XSS 6.7.12a Image Manager - Shell Upload Vulnerability 10325 UPLOAD WP-Cumulus <= 1.20 - Vulnerabilities 10228 MULTI WP-Cumulus - Cross Site Scripting Vulnerabily http://seclists.org/fulldisclosure/2011/Nov/340 XSS 1.23 WP-Syntax < 0.9.10 - Remote Command Execution 9431 RCE 0.9.10 My Category Order <= 2.8 - SQL Injection Vulnerability 9150 SQLI Related Sites 2.1 - Blind SQL Injection Vulnerability 9054 SQLI SWF Vulnerable to XSS Bundled in Many WordPress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS DM Albums 1.9.2 - Remote File Disclosure Vulnerability 9048 LFI DM Albums 1.9.2 - Remote File Inclusion Vuln 9043 RFI Photoracer 1.0 - (id) SQL Injection Vulnerability 8961 SQLI Photoracer <= 1.0 - SQL Injection Vulnerability 17720 SQLI Photoracer <= 1.0 - Multiple Vulnerabilities 17731 MULTI Lytebox - Local File Inclusion Vulnerability 8791 LFI fMoblog 2.1 - (id) SQL Injection Vulnerability 8229 SQLI Page Flip Image Gallery <= 0.2.2 - Remote FD Vuln 50902 2008-5752 7543 33274 http://www.securityfocus.com/bid/32966 http://xforce.iss.net/xforce/xfdb/47568 LFI e-Commerce <= 3.4 - Arbitrary File Upload Exploit 6867 UPLOAD Download Manager 0.2 - Arbitrary File Upload Exploit 6127 UPLOAD Spreadsheet <= 0.6 - SQL Injection Vulnerability 5486 SQLI Download - (dl_id) SQL Injection Vulnerability 5326 SQLI Sniplets 1.1.2 - (RFI/XSS/RCE) Multiple Vulnerabilities 5194 MULTI Photo album - Remote SQL Injection Vulnerability 5135 SQLI Simple Forum 2.0-2.1 - SQL Injection Vulnerability 5126 SQLI Simple Forum 1.10-1.11 - SQL Injection Vulnerability 5127 SQLI st_newsletter - Remote SQL Injection Vulnerability 5053 SQLI st_newsletter - (stnl_iframe.php) SQL Injection Vulnerability 6777 SQLI Wordspew - Remote SQL Injection Vulnerability 5039 SQLI dmsguestbook 1.7.0 - Multiple Remote Vulnerabilities 5035 MULTI WassUp 1.4.3 - (spy.php to_date) SQL Injection Exploit 5017 SQLI Adserve 0.2 - adclick.php SQL Injection Exploit 5013 SQLI 
fGallery 2.4.1 - fimrss.php SQL Injection Vulnerability 4993 SQLI WP-Cal 0.3 - editevent.php SQL Injection Vulnerability 4992 SQLI plugin WP-Forum 1.7.4 - Remote SQL Injection Vulnerability 4939 SQLI plugin WP-Forum 1.7.8 - Remote SQL Injection Vulnerability 7738 SQLI wp-FileManager 1.2 - Remote Upload Vulnerability 4844 UPLOAD wp-FileManager 1.3.0 - File Download Vulnerability 53421 25440 93446 UNKNOWN 1.4.0 PictPress <= 0.91 - Remote File Disclosure Vulnerability 4695 LFI BackUp <= 0.4.2b - RFI Vulnerability 4593 RFI 0.4.3 Myflash <= 1.00 - (wppath) RFI Vulnerability 3828 RFI Myflash - myextractXML.php path Parameter Arbitrary File Access 88260 http://packetstormsecurity.com/files/118400/ LFI plugin wordTube <= 1.43 - (wpPATH) RFI Vulnerability 3825 RFI plugin wp-Table <= 1.43 - (inc_dir) RFI Vulnerability 3824 RFI myGallery <= 1.4b4 - Remote File Inclusion Vulnerability 3814 RFI SendIt <= 1.5.9 - Blind SQL Injection Vulnerability 17716 SQLI Js-appointment <= 1.5 - SQL Injection Vulnerability 17724 SQLI MM Forms Community <= 1.2.3 - SQL Injection Vulnerability 17725 SQLI MM Forms Community 2.2.6 - Arbitrary File Upload 18997 UPLOAD Super CAPTCHA <= 2.2.4 - SQL Injection Vulnerability 17728 SQLI Collision Testimonials <= 3.0 - SQL Injection Vulnerability 17729 SQLI Oqey Headers <= 0.3 - SQL Injection Vulnerability 17730 SQLI Facebook Promotions <= 1.3.3 - SQL Injection Vulnerability 17737 SQLI Evarisk 5.1.5.4 - include/lib/actionsCorrectives/activite/uploadPhotoApres.php File Upload PHP Code Execution 82960 49521 http://packetstormsecurity.com/files/113638/ UPLOAD Evarisk <= 5.1.3.6 - SQL Injection Vulnerability 17738 SQLI Profiles <= 2.0RC1 - SQL Injection Vulnerability 17739 SQLI mySTAT <= 2.6 - SQL Injection Vulnerability 17740 SQLI SH Slideshow <= 3.1.4 - SQL Injection Vulnerability 17748 SQLI iCopyright(R) Article Tools <= 1.1.4 - SQL Injection Vulnerability 17749 SQLI Advertizer <= 1.0 - SQL Injection Vulnerability 17750 SQLI Event Registration <= 5.44 - SQL 
Injection Vulnerability 17814 SQLI Event Registration <= 5.43 - SQL Injection Vulnerability 17751 SQLI Event Registration 5.32 - SQL Injection Vulnerability 15513 SQLI Craw Rate Tracker <= 2.0.2 - SQL Injection Vulnerability 17755 SQLI wp audio gallery playlist <= 0.12 - SQL Injection Vulnerability 17756 SQLI yolink Search 2.5 - "s" Cross-Site Scripting Vulnerability 89756 52030 http://www.securityfocus.com/bid/57665 XSS 2.6 yolink Search <= 1.1.4 - includes/bulkcrawl.php Multiple Parameter SQL Injection 74832 45801 17757 SQLI PureHTML <= 1.0.0 - SQL Injection Vulnerability 17758 SQLI Couponer <= 1.2 - SQL Injection Vulnerability 17759 SQLI grapefile <= 1.1 - Arbitrary File Upload 17760 UPLOAD image-gallery-with-slideshow <= 1.5 - Arbitrary File Upload / SQL Injection 17761 MULTI Donation <= 1.0 - SQL Injection Vulnerability 17763 SQLI WP Bannerize <= 2.8.6 - SQL Injection Vulnerability 74835 45811 17764 SQLI 2.8.7 WP Bannerize <= 2.8.7 - SQL Injection Vulnerability 76658 46236 17906 SQLI 2.8.8 SearchAutocomplete <= 1.0.8 - SQL Injection Vulnerability 17767 SQLI VideoWhisper Video Presentation <= 1.1 - SQL Injection Vulnerability 17771 SQLI VideoWhisper Video Presentation 3.17 - 'vw_upload.php' Arbitrary File Upload Vulnerability http://www.securityfocus.com/bid/53851 UPLOAD Facebook Opengraph Meta <= 1.0 - SQL Injection Vulnerability 17773 SQLI Zotpress <= 4.4 - SQL Injection Vulnerability 17778 SQLI oQey Gallery <= 0.4.8 - SQL Injection Vulnerability 17779 SQLI Tweet Old Post <= 3.2.5 - SQL Injection Vulnerability 17789 SQLI post highlights <= 2.2 - SQL Injection Vulnerability 17790 SQLI KNR Author List Widget <= 2.0.0 - SQL Injection Vulnerability 17791 SQLI SCORM Cloud <= 1.0.6.6 - SQL Injection Vulnerability 17793 SQLI Eventify - Simple Events <= 1.7.f - SQL Injection Vulnerability 17794 SQLI Paid Downloads <= 2.01 - SQL Injection Vulnerability 17797 SQLI Community Events <= 1.2.1 - SQL Injection Vulnerability 17798 SQLI 1-flash-gallery <= 1.9.0 - XSS in 
ZeroClipboard.swf http://1337day.com/exploit/20396 XSS 1 Flash Gallery - Arbiraty File Upload Exploit (MSF) 17801 UPLOAD WP-Filebase Download Manager 0.3.0.02 - class/Admin.php GetFileHash Function Remote Command Execution 105039 57456 http://www.securityfocus.com/bid/66341 SQLI 0.3.0.03 WP-Filebase 0.2.9.24- Unspecified Vulnerabilities 87294 51269 http://xforce.iss.net/xforce/xfdb/80034 UNKNOWN 0.2.9.25 WP-Filebase Download Manager <= 0.2.9 - wpfb-ajax.php base Parameter SQL Injection 75308 45931 17808 SQLI A to Z Category Listing <= 1.3 - SQL Injection Vulnerability 17809 SQLI WP e-Commerce 3.8.6 - wpsc-cart_widget.php cart_messages Parameter XSS 74295 45513 XSS 3.8.8 WP e-Commerce <= 3.8.6 - SQL Injection Vulnerability 17832 SQLI WP-e-Commerce 3.8.9.5 - Cross Site Scripting Vulnerability http://1337day.com/exploit/20517 XSS WP-e-Commerce 3.8.9.5 - display-sales-logs.php c Parameter Remote Code Execution 102484 http://packetstormsecurity.com/files/124921/ RCE WP-e-Commerce 3.8.9.5 - misc.functions.php image_name Parameter Local File Inclusion 102485 http://packetstormsecurity.com/files/124921/ LFI WP-e-Commerce 3.8.9.5 - ajax.php wpsc_action Parameter Remote Code Execution 102486 http://packetstormsecurity.com/files/124921/ RCE WP-e-Commerce 3.8.9.5 - save-data.functions.php GIF File Upload 102497 http://packetstormsecurity.com/files/124921/ UPLOAD Filedownload 0.1 - (download.php) Remote File Disclosure Vulnerability 17858 LFI TheCartPress <= 1.6 - Cross Site Sripting http://packetstormsecurity.com/files/108272/ XSS TheCartPress 1.1.1 - Remote File Inclusion 17860 RFI WPEasyStats 1.8 - Remote File Inclusion 17862 RFI Annonces 1.2.0.1 - admin/theme.php File Upload PHP Code Execution 82948 49488 http://packetstormsecurity.com/files/113637/ UPLOAD Livesig 0.4 - Remote File Inclusion 17864 RFI Disclosure Policy 1.0 - Remote File Inclusion 17865 RFI Mailing List 1.3.2 - Remote File Inclusion 17866 RFI Mailing List - Arbitrary file download 18276 UNKNOWN 1.4.1 Zingiri 
Web Shop 2.2.0 - Remote File Inclusion 17867 RFI Zingiri Web Shop <= 2.2.3 - Remote Code Execution 18111 RCE Mini Mail Dashboard Widget 1.36 - wp-mini-mail.php abspath Parameter Remote File Inclusion 75402 45953 17868 RFI 1.37 Mini Mail Dashboard Widget 1.42 - Message Body XSS 85135 20358 XSS 1.43 Relocate Upload 0.14 - Remote File Inclusion 17869 RFI Category Grid View Gallery 0.1.1 - Shell Upload vulnerability 17872 UPLOAD Category Grid View Gallery 2.3.1 - CatGridPost.php ID Parameter XSS 94805 2013-4117 54035 http://packetstormsecurity.com/files/122259/ XSS 2.3.3 Auto Attachments 0.2.9 - Shell Upload vulnerability 17872 UPLOAD WP Marketplace 1.1.0 - Shell Upload vulnerability 17872 UPLOAD DP Thumbnail 1.0 - Shell Upload vulnerability 17872 UPLOAD Vk Gallery 1.1.0 - Shell Upload vulnerability 17872 UPLOAD Rekt Slideshow 1.0.5 - Shell Upload vulnerability 17872 UPLOAD CAC Featured Content 0.8 - Shell Upload vulnerability 17872 UPLOAD Rent A Car 1.0 - Shell Upload vulnerability 17872 UPLOAD LISL Last Image Slider 1.0 - Shell Upload vulnerability 17872 UPLOAD Islidex 2.7 - Shell Upload vulnerability 17872 UPLOAD Kino Gallery 1.0 - Shell Upload vulnerability 17872 UPLOAD Cms Pack 1.3 - Shell Upload vulnerability 17872 UPLOAD A Gallery 0.9 - Shell Upload vulnerability 17872 UPLOAD Category List Portfolio Page 0.9 - Shell Upload vulnerability 17872 UPLOAD Really Easy Slider 0.1 - Shell Upload vulnerability 17872 UPLOAD Verve Meta Boxes 1.2.8 - Shell Upload vulnerability 17872 UPLOAD User Avatar 1.3.7 - shell upload vulnerability 17872 UPLOAD Extend 1.3.7 - Shell Upload vulnerability 75638 2011-4106 17872 UPLOAD AdRotate <= 3.9.4 - clicktracker.php track Parameter SQL Injection 103578 2014-1854 57079 31834 http://packetstormsecurity.com/files/125330/ SQLI 3.9.5 AdRotate <= 3.6.6 - SQL Injection Vulnerability 77507 2011-4671 46814 18114 SQLI 3.6.8 AdRotate <= 3.6.5 - SQL Injection Vulnerability 77507 2011-4671 17888 
http://unconciousmind.blogspot.com/2011/09/wordpress-adrotate-plugin-365-sql.html SQLI 3.6.8 WP-SpamFree 3.2.1 - Spam SQL Injection Vulnerability 17970 SQLI GD Star Rating 1.9.22 - gd-star-rating-stats.php s Parameter SQL Injection 105085 http://packetstormsecurity.com/files/125932/ http://seclists.org/fulldisclosure/2014/Mar/399 https://security.dxw.com/advisories/xss-csrf-and-blind-sql-injection-in-gd-star-rating-1-9-22/ SQLI GD Star Rating 1.9.22 - gd-star-rating-stats.php Setting Manipulation CSRF 105086 57667 http://packetstormsecurity.com/files/125932/ http://seclists.org/fulldisclosure/2014/Mar/399 https://security.dxw.com/advisories/xss-csrf-and-blind-sql-injection-in-gd-star-rating-1-9-22/ CSRF GD Star Rating 1.9.18 - Export Security Bypass Security Issue 105086 49850 AUTHBYPASS 1.9.19 GD Star Rating <= 1.9.16 - Cross Site Scripting http://packetstormsecurity.com/files/112702/ XSS GD Star Rating <= 1.9.10 - gd-star-rating/export.php de Parameter SQL Injection 83466 17973 SQLI GD Star Rating 1.9.7 - gd-star-rating/widgets/widget_top.php wpfn Parameter XSS 71060 43403 http://seclists.org/bugtraq/2011/Feb/219 XSS Contact Form <= 2.7.5 - SQL Injection 17980 SQLI WP Photo Album Plus <= 4.1.1 - SQL Injection 17983 SQLI WP Photo Album Plus <= 4.8.12 - wp-photo-album-plus.php wppa-searchstring XSS 88851 51669 51679 XSS WP Photo Album Plus - Full Path Disclosure http://1337day.com/exploit/20125 FPD 4.9.1 WP Photo Album Plus - index.php wppa-tag Parameter XSS 89165 51829 XSS 4.9.3 WP Photo Album Plus - "commentid" Cross-Site Scripting Vulnerability 93033 2013-3254 53105 XSS 5.0.3 WP Photo Album Plus - wp-admin/admin.php edit_id Parameter XSS 94465 53915 XSS 5.0.11 BackWPUp 2.1.4 - Code Execution 17987 RCE plugin BackWPup 1.5.2, 1.6.1, 1.7.1 - Remote and Local Code Execution Vulnerability 71481 RCE BackWPup 3.0.12 - wp-admin/admin.php tab Parameter XSS 2013-4626 https://www.htbridge.com/advisory/HTB23161 96505 54515 http://packetstormsecurity.com/files/122916/ XSS 
3.0.13 portable-phpMyAdmin - Authentication Bypass 88391 2012-5469 23356 51520 AUTHBYPASS 1.3.1 Portable phpMyAdmin - /pma/phpinfo.php Direct Request System Information Disclosure 98766 http://seclists.org/oss-sec/2013/q4/138 FPD Portable phpMyAdmin 1.4.1 - Multiple Script Direct Request Authentication Bypass 98767 2013-4454 55270 http://seclists.org/oss-sec/2013/q4/138 AUTHBYPASS super-refer-a-friend - Full Path Disclosure http://1337day.com/exploit/20126 FPD 1.0 W3 Total Cache - Username and Hash Extract 92742 92741 2012-6079 2012-6078 http://seclists.org/fulldisclosure/2012/Dec/242 https://github.com/FireFart/W3TotalCacheExploit auxiliary/gather/wp_w3_total_cache_hash_extract UNKNOWN 0.9.2.5 W3 Total Cache - Remote Code Execution http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/ http://wordpress.org/support/topic/pwn3d http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html exploits/unix/webapp/php_wordpress_total_cache 25137 2013-2010 92652 53052 RCE 0.9.2.9 WP-Super-Cache 1.3 - Remote Code Execution http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/ http://wordpress.org/support/topic/pwn3d http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html RCE 1.3.1 WP Super Cache 1.3 - trunk/wp-cache.php wp_nonce_url Function URI XSS 92832 2013-2008 XSS 1.3.1 WP Super Cache 1.3 - trunk/plugins/wptouch.php URI XSS 92831 2013-2008 XSS 1.3.1 WP Super Cache 1.3 - trunk/plugins/searchengine.php URI XSS 92830 2013-2008 XSS 1.3.1 WP Super Cache 1.3 - trunk/plugins/domain-mapping.php URI XSS 92829 2013-2008 XSS 1.3.1 WP Super Cache 1.3 - trunk/plugins/badbehaviour.php URI XSS 92828 2013-2008 XSS 1.3.1 WP Super Cache 1.3 - trunk/plugins/awaitingmoderation.php URI XSS 92827 2013-2008 XSS 1.3.1 ripe-hd-player 1.0 - ripe-hd-player/config.php id Parameter SQL Injection 89437 24229 
http://xforce.iss.net/xforce/xfdb/81415 SQLI ripe-hd-player 1.0 - Multiple Script Direct Request Path Disclosure 89438 24229 http://www.securityfocus.com/bid/57473 http://xforce.iss.net/xforce/xfdb/81414 FPD floating-tweets - persistent XSS http://packetstormsecurity.com/files/119499/ http://websecurity.com.ua/6023/ XSS floating-tweets - directory traversal http://packetstormsecurity.com/files/119499/ http://websecurity.com.ua/6023/ UNKNOWN ipfeuilledechou - SQL Injection Vulnerability http://www.exploit4arab.com/exploits/377 http://1337day.com/exploit/20206 SQLI Simple Login Log - XSS 51780 XSS 0.9.4 Simple Login Log - SQL Injection 51780 SQLI 0.9.4 WP SlimStat 3.5.5 - Overview URI Stored XSS 104428 57305 XSS 3.5.6 WP SlimStat 2.8.4 - wp-content/plugins/wp-slimstat/admin/view/panel1.php s Parameter XSS 89052 51721 XSS 2.8.5 SlimStat-Ex - Open Flash Chart Arbitrary File Creation Vulnerability 55160 http://packetstormsecurity.com/files/123494/ UPLOAD Browser Rejector - Remote and Local File Inclusion 89053 51739 LFI 2.11 File Uploader - PHP File Upload Vulnerability http://la.usch.io/2013/01/21/wordpress-file-uploader-plugin-php-file-upload-vulnerability/ UPLOAD Cardoza WordPress poll 34.05 - Multiple External Function Remote Poll Manipulation 89443 2013-1401 51925 http://seclists.org/bugtraq/2013/Jan/86 http://packetstormsecurity.com/files/119736/ CSRF 34.06 Cardoza WordPress poll - CWPPoll.js Multiple Method pollid Parameter SQL Injection 89444 2013-1400 http://packetstormsecurity.com/files/119736/ http://www.girlinthemiddle.net/2013/01/multiple-sql-injection-vulnerabilities.html http://seclists.org/bugtraq/2013/Jan/86 SQLI Cardoza WordPress poll - Multiple SQL Injection Vulnerabilities 50910 SQLI 33.6 Developer Formatter 2013.0.1.40 - devformatter.php Multiple Action CSRF 89475 24294 51912 http://packetstormsecurity.com/files/119731/ http://seclists.org/bugtraq/2013/Jan/91 http://1337day.com/exploit/20210 CSRF 2013.0.1.41 Developer Formatter 2013.0.1.40 - 
devformatter.php Multiple Field XSS 89474 http://seclists.org/bugtraq/2013/Jan/91 XSS 2013.0.1.41 DVS Custom Notification - Cross-Site Request Forgery Vulnerability 89441 2012-4921 51531 CSRF 1.0.1 Events Manager 5.5.1 - Multiple Unspecified XSS Vulnerabilities 98198 55182 XSS 5.5.2 Events Manager 5.3.8 - Event Search Form em_search Parameter XSS 93556 http://www.securityfocus.com/bid/60078 53478 XSS 5.3.9 Events Manager 5.3.8 - wp-admin/edit.php author Parameter XSS 93557 http://www.securityfocus.com/bid/60078 53478 XSS 5.3.9 Events Manager 5.3.8 - Event Editing redirect_to Parameter XSS 93558 http://www.securityfocus.com/bid/60078 53478 XSS 5.3.9 Events Manager 5.3.5 - wp-admin/admin-ajax.php dbem_phone Parameter XSS 90913 52475 XSS 5.3.6 Events Manager 5.3.5 - index.php event_owner_name Parameter XSS 90914 52475 XSS 5.3.6 Events Manager 5.3.5 - wp-admin/post.php Multiple Parameter XSS 90915 52475 XSS 5.3.6 Events Manager 5.3.3 - templates/forms/bookingform/booking-fields.php Multiple Parameter XSS 89488 2013-1407 51869 http://packetstormsecurity.com/files/120688/ http://www.securityfocus.com/bid/57477 XSS 5.3.4 Events Manager 5.3.3 - templates/templates/events-search.php Multiple Parameter XSS 89487 2013-1407 51869 http://packetstormsecurity.com/files/120688/ http://www.securityfocus.com/bid/57477 XSS 5.3.4 Events Manager 5.3.3 - XSS classes/em-bookings-table.php wp_nonce Parameter XSS 89486 2013-1407 51869 http://packetstormsecurity.com/files/120688/ http://www.securityfocus.com/bid/57477 XSS 5.3.4 SolveMedia 1.1.0 - plugins.php API Key Manipulation CSRF 89585 51927 24364 http://1337day.com/exploit/20222 CSRF 1.1.1 SolveMedia 1.1.0 - solvemedia.admin.inc Admin Options Page CSRF 106320 CSRF 1.1.1 Welcart e-Commerce 1.3.12 - wp-admin/admin-ajax.php Multiple Parameter DOM-Based XSS 103956 57222 http://packetstormsecurity.com/files/125513/ http://www.securityfocus.com/bid/65954 XSS Welcart e-Commerce 1.3.12 - purchase_limit Parameter DOM-based XSS 103955 
http://packetstormsecurity.com/files/125513/ http://www.securityfocus.com/bid/65954 XSS Welcart e-Commerce 1.3.12 - wp-admin/admin.php Multiple Parameter SQL Injection 103954 http://packetstormsecurity.com/files/125513/ http://www.securityfocus.com/bid/65954 SQLI Welcart e-Commerce - wp-admin/admin.php Multiple Parameter SQL Injection 103954 http://packetstormsecurity.com/files/125513/ http://www.securityfocus.com/bid/65954 SQLI Welcart e-Commerce - Cross-Site Scripting and Request Forgery Vulnerabilities 51581 MULTI Knews 1.2.5 - Multilingual Newsletters Cross-Site Request Forgery Vulnerability 88427 51543 http://www.securityfocus.com/bid/56926 http://xforce.iss.net/xforce/xfdb/80661 CSRF 1.2.6 Knews 1.2.5 - Unspecified XSS 88426 XSS 1.2.6 Knews 1.1.0 - wysiwyg/fontpicker/index.php ff Parameter XSS 83643 49825 XSS 1.1.1 Video Lead Form - "errMsg" Cross-Site Scripting Vulnerability 51419 XSS WooCommerce SagePay Direct Payment Gateway 0.1.6.6 - pages/3DRedirect.php Multiple Parameter Reflected XSS 102882 56801 XSS 0.1.6.7 WooCommerce SagePay Direct Payment Gateway 0.1.6.6 - pages/3DCallBack.php Multiple Parameter Reflected XSS 102746 56801 XSS 0.1.6.7 WooCommerce SagePay Direct Payment Gateway 0.1.6.6 - pages/3DComplete.php Multiple Parameter Reflected XSS 102747 56801 XSS 0.1.6.7 WooCommerce Predictive Search - index.php rs Parameter XSS 87890 51385 http://www.securityfocus.com/bid/56703 XSS 1.0.6 WooCommerce 2.0.17 - hide-wc-extensions-message Parameter Reflected XSS 98754 http://packetstormsecurity.com/files/123684/ http://www.securityfocus.com/bid/63228 XSS 2.0.17 WooCommerce 2.0.12 - index.php calc_shipping_state Parameter XSS 95480 53930 http://packetstormsecurity.com/files/122465/ XSS 2.0.13 WP e-Commerce Predictive Search - "rs" Cross-Site Scripting Vulnerability 51384 XSS vTiger - CRM Lead Capture Unspecified Vulnerability 51305 UNKNOWN 1.1.0 WP-PostViews - "search_input" Cross-Site Scripting Vulnerability 50982 XSS WP-PostViews 1.62 - Setting Manipulation 
CSRF 93096 2013-3252 53127 CSRF 1.63 DX-Contribute - Cross-Site Request Forgery Vulnerability 51082 CSRF MailPoet (Wysija Newsletters) - Remote File Upload http://blog.sucuri.net/2014/07/remote-file-upload-vulnerability-on-mailpoet-wysija-newsletters.html exploit/unix/webapp/wp_wysija_newsletters_upload UPLOAD 2.6.8 Wysija Newsletters 2.2 - SQL Injection Vulnerability 89924 2013-1408 https://www.htbridge.com/advisory/HTB23140 http://packetstormsecurity.com/files/120089/ http://seclists.org/bugtraq/2013/Feb/29 http://cxsecurity.com/issue/WLB-2013020039 SQLI 2.2.1 Wysija Newsletters - swfupload Cross-Site Scripting Vulnerability 51249 http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS 2.1.7 Hitasoft FLV Player - "id" SQL Injection Vulnerability 51179 SQLI Spider Calendar 1.3.0 - Multiple Vulnerabilities 93584 25723 53481 MULTI Spider Calendar 1.1.0 - "many_sp_calendar" Cross-Site Scripting Vulnerability 86604 50981 XSS 1.1.1 Spider Calendar 1.0.1 - front_end/spidercalendarbig.php date Parameter XSS 85897 50812 21715 http://packetstormsecurity.org/files/117078/ XSS 1.1.3 Spider Calendar 1.0.1 - spidercalendarbig_seemore.php calendar_id Parameter SQL Injection 85898 50812 21715 http://packetstormsecurity.org/files/117078/ SQLI 1.1.3 Dynamic Font Replacement 1.3 - SQL Injection Vulnerability http://1337day.com/exploit/20239 SQLI Zingiri Form Builder - "error" Cross-Site Scripting Vulnerability 50983 XSS 1.2.1 White Label CMS - Cross-Site Request Forgery Vulnerability 50487 CSRF 1.5.1 Download Shortcode - "file" Arbitrary File Disclosure Vulnerability 50924 LFI 0.2.1 eShop Magic 0.1 - eshop-magic/download.php file Parameter Traversal Arbitrary File Access 86155 50933 http://xforce.iss.net/xforce/xfdb/79222 LFI 0.2 Pinterest "Pin It" Button Lite 1.3.1 - Multiple Unspecified Vulnerabilities 85956 50868 MULTI 1.4.0 CSS Plus 1.3.1 - Unspecified Vulnerabilities 85875 50793 UNKNOWN 1.3.2 Multisite plugin Manager 3.1.1 - Two Cross-Site Scripting 
Vulnerabilities 85818 50762 XSS 3.1.2 ABC Test - "id" Cross-Site Scripting Vulnerability http://scott-herbert.com/?p=142 85773 50608 XSS Token Manager 1.0.2 - "tid" Cross-Site Scripting Vulnerabilities 85738 50722 XSS Sexy Add Template 1.0 - PHP Code Execution CSRF 85730 50709 CSRF Notices Ticker 5.0 - Cross-Site Request Forgery Vulnerability 85729 50717 http://packetstormsecurity.org/files/116774/ CSRF MF Gig Calendar 0.9.4.1 - URL Cross-Site Scripting Vulnerability 85682 2012-4242 50571 http://packetstormsecurity.org/files/116713/ XSS WP-TopBar 4.02 - wp-topbar.php wptbbartext Parameter XSS 85659 50693 21393 XSS 4.03 WP-TopBar 4.02 - TopBar Message Manipulation CSRF 85660 50693 21393 CSRF 4.03 wp-topbar <= 3.04 - XSS in ZeroClipboard.swf http://1337day.com/exploit/20396 XSS HD Webplayer - Two SQL Injection Vulnerabilities 87832 50466 SQLI Cloudsafe365 - Multiple Vulnerabilities 50392 MULTI 1.47 Vitamin 1.0 - add_headers.php path Parameter Traversal Arbitrary File Access 84463 50176 LFI 1.1 Vitamin 1.0 - minify.php path Parameter Traversal Arbitrary File Access 84464 50176 LFI 1.1 Featured Post with thumbnail 1.4 - Unspecified timthumb Vulnerability 84460 50161 UNKNOWN 1.5 WP Lead Management 3.0.0 - Script Insertion Vulnerabilities 84462 20270 50166 XSS XVE Various Embed - JW Player Multiple Cross-Site Scripting Vulnerabilities 50173 XSS 1.0.4 G-Lock Double Opt-in Manager - Two Security Bypass Vulnerabilities 84434 50100 http://packetstormsecurity.org/files/115173/ AUTHBYPASS Backend Localization 1.6.1 - options-general.php kau-boys_backend_localization_language Parameter XSS 84418 50099 XSS 2.0 Backend Localization 1.6.1 - wp-login.php kau-boys_backend_localization_language Parameter XSS 84419 50099 XSS 2.0 Flexi Quote Rotator - Cross-Site Request Forgery and SQL Injection Vulnerabilities 49910 MULTI 0.9.2 Get Off Malicious Scripts - Cross-Site Scripting Vulnerability 50030 XSS 1.2.07.20 Cimy User Extra Fields - Arbitrary File Upload Vulnerability 49975 UPLOAD 
2.3.9 Nmedia Users File Uploader - Arbitrary File Upload Vulnerability 49996 UPLOAD 2.0 wp-explorer-gallery - Arbitrary File Upload Vulnerability http://1337day.com/exploit/20251 UPLOAD accordion - Arbitrary File Upload Vulnerability http://1337day.com/exploit/20254 UPLOAD wp-catpro - Arbitrary File Upload Vulnerability http://1337day.com/exploit/20256 UPLOAD RLSWordPressSearch - register.php agentid Parameter SQL Injection 89824 http://packetstormsecurity.com/files/119938/ SQLI wordpress-simple-shout-box - SQL Injection http://cxsecurity.com/issue/WLB-2013010235 SQLI portfolio-slideshow-pro v3 - SQL Injection http://cxsecurity.com/issue/WLB-2013010236 SQLI Simple History - RSS Feed "rss_secret" Disclosure Weakness 89640 51998 http://www.securityfocus.com/bid/57628 UNKNOWN 1.0.8 p1m media manager - SQL Injection Vulnerability http://1337day.com/exploit/20270 SQLI wp-table-reloaded <= 1.9.3 - zeroclipboard.swf id Parameter XSS 89754 2013-1463 52027 http://packetstormsecurity.com/files/119968/ http://seclists.org/bugtraq/2013/Feb/28 http://www.securityfocus.com/bid/57664 XSS 1.9.4 Gallery - "load" Remote File Inclusion Vulnerability 89753 2012-4919 51347 http://www.securityfocus.com/bid/57650 RFI ForumConverter - SQL Injection Vulnerability http://1337day.com/exploit/20275 SQLI Newsletter - SQL Injection Vulnerability http://1337day.com/exploit/20287 SQLI 3.0.9 Newsletter 3.2.6 - "alert" Cross-Site Scripting Vulnerability 93421 53398 http://packetstormsecurity.com/files/121634/ http://www.securityfocus.com/bid/59856 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5141.php XSS 3.2.7 CommentLuv 2.92.3 - Cross Site Scripting Vulnerability 89925 2013-1409 https://www.htbridge.com/advisory/HTB23138 http://packetstormsecurity.com/files/120090/ http://seclists.org/bugtraq/2013/Feb/30 http://cxsecurity.com/issue/WLB-2013020040 52092 XSS 2.92.4 wp-forum - SQL Injection http://cxsecurity.com/issue/WLB-2013020035 SQLI WP ecommerce Shop Styling 1.7.2 - generate-pdf.php 
dompdf Parameter Remote File Inclusion 89921 2013-0724 51707 RFI 1.8 Audio Player - player.swf playerID Parameter XSS 89963 2013-1464 http://packetstormsecurity.com/files/120129/ http://seclists.org/bugtraq/2013/Feb/35 52083 XSS 2.0.4.6 CKEditor 4.0 - Arbitrary File Upload Exploit http://1337day.com/exploit/20318 UPLOAD myftp-ftp-like-plugin-for-wordpress v2 - SQL Injection http://cxsecurity.com/issue/WLB-2013020061 SQLI Password Protected 1.4 - Login Process redirect_to Parameter Arbitrary Site Redirect 90559 REDIRECT Contact Form 3.34 - contact_form.php cntctfrm_contact_message Parameter XSS 90502 52179 XSS 3.35 Contact Form 3.36 - contact_form.php cntctfrm_contact_email Parameter XSS 90503 52250 XSS smart-flv - jwplayer.swf XSS 90606 2013-1765 http://www.openwall.com/lists/oss-security/2013/02/24/7 http://packetstormsecurity.com/files/115100/ XSS Google Alert And Twitter 3.1.5 - XSS Exploit, SQL Injection http://1337day.com/exploit/20433 MULTI PHP Shell Plugin https://github.com/wpscanteam/wpscan/issues/138 http://plugins.svn.wordpress.org/php-shell/trunk/shell.php RCE Marekkis Watermark 0.9.2 - wp-admin/options-general.php pfad Parameter XSS 90362 2013-1758 52227 http://packetstormsecurity.com/files/120378/ http://seclists.org/bugtraq/2013/Feb/83 XSS Responsive Logo Slideshow - URL and Image Field XSS 90406 2013-1759 http://packetstormsecurity.com/files/120379/ http://seclists.org/bugtraq/2013/Feb/84 XSS zopim-live-chat <= 1.2.5 - XSS in ZeroClipboard 90374 http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS ed2k-link-selector <= 1.1.7 - XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 XSS wppygments <= 0.3.2 - XSS in ZeroClipboard 90374 http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS copy-in-clipboard <= 0.8 - XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 XSS search-and-share 0.9.3 - SearchAndShare.php Direct Request Path 
Disclosure 93260 http://packetstormsecurity.com/files/121595/ http://seclists.org/fulldisclosure/2013/May/49 FPD search-and-share <= 0.9.3 - XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 XSS placester <= 0.3.12 - XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 XSS drp-coupon <= 2.1 - XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 XSS coupon-code-plugin <= 2.1 - XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 XSS q2w3-inc-manager <= 2.3.1 - XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 XSS scorerender <= 0.3.4 - XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 XSS wp-link-to-us <= 2.0 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS buckets <= 0.1.9.2 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS java-trackback <= 0.2 - XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 XSS slidedeck2 2.3.3 - Unspecified File Inclusion 105132 UNKNOWN 2.3.5 slidedeck2 <= 2.1.20130228 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS wp-clone-by-wp-academy <= 2.1.1 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS tiny-url <= 1.3.2 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS thethe-layout-grid <= 1.0.0 - XSS in ZeroClipboard. 
http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS paypal-digital-goods-monetization-powered-by-cleeng <= 2.2.13 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS mobileview <= 1.0.7 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS jaspreetchahals-coupons-lite <= 2.1 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS geshi-source-colorer <= 0.13 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS click-to-copy-grab-box <= 0.1.1 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS cleeng <= 2.3.2 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS bp-code-snippets <= 2.0 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS snazzy-archives <= 1.7.1 - swf/tagcloud.swf tagcloud Parameter XSS 91127 2009-4168 52527 http://www.openwall.com/lists/oss-security/2013/03/10/3 XSS 1.7.2 vkontakte-api - vkontakte-api/swf/tagcloud.swf tagcloud Parameter XSS 91128 2009-4168 52539 http://seclists.org/oss-sec/2013/q1/616 http://www.openwall.com/lists/oss-security/2013/03/11/1 XSS Terillion Reviews < 1.2 - Profile Id Field XSS 91123 2013-2501 http://packetstormsecurity.com/files/120730/ http://www.securityfocus.com/bid/58415 http://xforce.iss.net/xforce/xfdb/82727 XSS o2s-gallery - Cross Site Scripting Vulnerability http://1337day.com/exploit/20516 XSS bp-gallery 1.2.5 - Cross Site Scripting Vulnerability http://1337day.com/exploit/20518 XSS Simply Poll 1.4.1 - wp-admin/admin.php question Parameter XSS 91446 24850 
http://packetstormsecurity.com/files/120833/ XSS Simply Poll 1.4.1 - wp-admin/admin.php Poll Manipulation CSRF 91447 52681 24850 http://packetstormsecurity.com/files/120833/ CSRF Occasions 1.0.4 - Manipulation CSRF 91489 24858 52651 http://packetstormsecurity.com/files/120871/ CSRF Occasions 1.0.4 - occasions/occasions.php occ_content1 Parameter XSS 91490 24858 http://packetstormsecurity.com/files/120871/ XSS Mathjax Latex 1.1 - Setting Manipulation CSRF 91737 24889 http://packetstormsecurity.com/files/120931/ http://1337day.com/exploit/20566 CSRF 1.2 WP-Banners-Lite 1.4.0 - XSS vulnerability http://packetstormsecurity.com/files/120928/ http://seclists.org/fulldisclosure/2013/Mar/209 http://threatpost.com/en_us/blogs/xss-flaw-wordpress-plugin-allows-injection-malicious-code-032513 XSS Backupbuddy - importbuddy.php Direct Request Remote Backup File Disclosure 91631 2013-2741 http://packetstormsecurity.com/files/120923/ http://seclists.org/fulldisclosure/2013/Mar/206 AUTHBYPASS Backupbuddy - importbuddy.php step Parameter Manipulation Authentication Bypass 91890 2013-2743 http://packetstormsecurity.com/files/120923/ http://seclists.org/fulldisclosure/2013/Mar/206 AUTHBYPASS Backupbuddy - importbuddy.php step Parameter Remote PHP Information Disclosure 91891 2013-2744 http://packetstormsecurity.com/files/120923/ http://seclists.org/fulldisclosure/2013/Mar/206 http://archives.neohapsis.com/archives/fulldisclosure/2013-03/0205.html UNKNOWN Backupbuddy - importbuddy.php Restore Operation Persistence Weakness 91892 2013-2742 http://packetstormsecurity.com/files/120923/ http://seclists.org/fulldisclosure/2013/Mar/206 AUTHBYPASS FuneralPress 1.1.6 - Persistent XSS 24914 2013-3529 91868 http://seclists.org/fulldisclosure/2013/Mar/282 XSS chikuncount - ofc_upload_image.php Arbitrary File Upload Vulnerability 24492 exploit/unix/webapp/open_flash_chart_upload_exec UPLOAD open-flash-chart-core - ofc_upload_image.php Arbitrary File Upload Vulnerability 24492 37903 2009-4140 
exploit/unix/webapp/open_flash_chart_upload_exec UPLOAD 0.5 spamtask - ofc_upload_image.php Arbitrary File Upload Vulnerability 24492 exploit/unix/webapp/open_flash_chart_upload_exec UPLOAD php-analytics - ofc_upload_image.php Arbitrary File Upload Vulnerability 24492 exploit/unix/webapp/open_flash_chart_upload_exec UPLOAD seo-spy-google - ofc_upload_image.php Arbitrary File Upload Vulnerability 24492 exploit/unix/webapp/open_flash_chart_upload_exec UPLOAD wp-seo-spy-google - ofc_upload_image.php Arbitrary File Upload Vulnerability 24492 exploit/unix/webapp/open_flash_chart_upload_exec UPLOAD podPress 8.8.10.13 - players/1pixelout/1pixelout_player.swf playerID Parameter XSS 91129 2013-2714 52544 http://packetstormsecurity.com/files/121011/ XSS 8.8.10.17 fbsurveypro - XSS Vulnerability http://1337day.com/exploit/20623 XSS timelineoptinpro - XSS Vulnerability http://1337day.com/exploit/20620 XSS kioskprox - XSS Vulnerability http://1337day.com/exploit/20624 XSS bigcontact - SQLI http://plugins.trac.wordpress.org/changeset/689798 SQLI 1.4.7 drawblog - CSRF http://plugins.trac.wordpress.org/changeset/691178 CSRF 0.81 Social Media Widget - malicious code https://plugins.trac.wordpress.org/changeset?reponame=&old=691839@social-media-widget/trunk&new=693941@social-media-widget/trunk http://slashdot.org/submission/2592777/top-wordpress-widget-sold-off-turned-into-seo-spambot UNKNOWN 4.0.2 Social Media Widget 4.0 - social-widget.php MITM Weakness Arbitrary Code Injection 92312 2013-1949 53020 http://seclists.org/oss-sec/2013/q2/10 UNKNOWN 4.0.1 facebook-members 5.0.4 - Setting Manipulation CSRF 92642 52962 2013-2703 CSRF 5.0.5 foursquare-checkins - CSRF 92641 2013-2709 53151 CSRF 1.3 Formidable Forms 1.06.03 - ofc_upload_image.php Shell Upload Remote Code Execution 106985 http://www.securityfocus.com/bid/67390 http://packetstormsecurity.com/files/126583/ RCE formidable Pro - Unspecified Vulnerabilities 53121 UNKNOWN 1.06.09 All in one webmaster 8.2.3 - Script Insertion CSRF 
92640 52877 2013-2696 CSRF 8.2.4 background-music 1.0 - jPlayer.swf XSS 53057 XSS haiku-minimalist-audio-player <= 1.1.0 - jPlayer.swf XSS 51336 XSS 1.1.0 jammer <= 0.2 - jPlayer.swf XSS 53106 XSS SyntaxHighlighter Evolved 3.1.9 - Unspecified XSS 106587 XSS 3.1.10 SyntaxHighlighter Evolved 3.1.5 - clipboard.swf Unspecified XSS 92848 53235 XSS 3.1.6 top-10 1.9.2 - Setting Manipulation CSRF 92849 53205 CSRF 1.9.3 Easy AdSense Lite 6.06 - Setting Manipulation CSRF 92910 2013-2702 52953 CSRF 6.10 uk-cookie - XSS 87561 http://seclists.org/bugtraq/2012/Nov/50 2012-5856 XSS uk-cookie - CSRF http://www.openwall.com/lists/oss-security/2013/06/06/10 94032 2013-2180 CSRF wp-cleanfix - Remote Command Execution, CSRF and XSS https://github.com/wpscanteam/wpscan/issues/186 http://wordpress.org/support/topic/plugin-wp-cleanfix-remote-code-execution-warning 93450 53395 93468 2013-2108 2013-2109 MULTI 3.0.2 Mail On Update 5.1.0 - Email Option Manipulation CSRF 93452 53449 http://www.openwall.com/lists/oss-security/2013/05/16/8 CSRF 5.2.0 Advanced XML Reader 0.3.4 - XML External Entity (XXE) Injection http://packetstormsecurity.com/files/121492/ XXE Advanced XML Reader 0.1.1 - XML External Entity (XXE) Data Parsing Arbitrary File Disclosure 92904 http://seclists.org/bugtraq/2013/May/5 XXE Related Posts by Zemanta 1.3.1 - Cross-Site Request Forgery Vulnerability 93364 2013-3477 53321 CSRF 1.3.2 WordPress Related Posts 2.6.1 - Cross-Site Request Forgery Vulnerability 93362 2013-3476 53279 CSRF 2.7.2 Related Posts 2.7.1 - Cross-Site Request Forgery Vulnerability 93363 2013-3257 53122 http://www.securityfocus.com/bid/59836 CSRF 2.7.2 WP Print Friendly 3.3.7 - wp-admin/options.php printfriendly_option custom_image Parameter XSS 103874 http://packetstormsecurity.com/files/125420/ XSS 0.5.3 WP Print Friendly <= 0.5.2 - Security Bypass Vulnerability 93243 53371 UNKNOWN 0.5.3 Contextual Related Posts 1.8.10.1 - contextual-related-posts.php Multiple Parameter SQL Injection 104655 2014-3937 
http://www.securityfocus.com/bid/67853 SQLI 1.8.10.2 Contextual Related Posts 1.8.6 - Cross-Site Request Forgery Vulnerability 93088 2013-2710 52960 CSRF 1.8.7 Calendar 1.3.2 - Entry Addition CSRF 93025 2013-2698 52841 CSRF 1.3.3 Feedweb 2.4 - feedweb_settings.php _wp_http_referer Parameter DOM-based XSS 103788 57108 http://www.securityfocus.com/bid/65800 XSS Feedweb 1.8.8 - widget_remove.php wp_post_id Parameter XSS 91951 2013-3720 52855 http://www.securityfocus.com/bid/58771 XSS 1.9 WP-Print 2.51 - Setting Manipulation CSRF 92053 2013-2693 52878 http://www.securityfocus.com/bid/58900 CSRF 2.52 Traffic Analyzer 3.3.2 - js/ta_loaded.js.php aoid Parameter XSS 92197 2013-3526 52929 http://packetstormsecurity.com/files/121167/ XSS WP-DownloadManager 1.60 - Script Insertion CSRF 92119 2013-2697 52863 http://www.securityfocus.com/bid/58937 CSRF 1.61 Digg Digg 5.3.4 - Setting Manipulation CSRF 93544 2013-3258 53120 http://www.securityfocus.com/bid/60046 http://xforce.iss.net/xforce/xfdb/84418 CSRF 5.3.5 SS Quiz - Multiple Unspecified Vulnerabilities 93531 53378 http://wordpress.org/plugins/ssquiz/changelog/ UNKNOWN 2.0 FunCaptcha 0.3.2- Setting Manipulation CSRF 92272 53021 http://wordpress.org/extend/plugins/funcaptcha/changelog/ CSRF 0.3.3 FunCaptcha 0.4.3 - wp_funcaptcha_admin_activate.php URI XSS 100392 55863 XSS 0.4.4 xili-language - index.php lang Parameter XSS 93233 53364 XSS 2.8.6 WordPress SEO - Security issue which allowed any user to reset settings http://wordpress.org/plugins/wordpress-seo/changelog/ UNKNOWN 1.4.5 WordPress SEO 1.14.15 - index.php s Parameter Reflected XSS 97885 http://packetstormsecurity.com/files/123028/ XSS WordPress SEO 1.4.6 - Reset Settings Feature Access Restriction Bypass 92147 52949 UNKNOWN Under Construction 1.09 - Authenticated Single Page Viewing Unspecified Issue 102507 UNKNOWN 1.10 Under Construction 1.08 - Setting Manipulation CSRF http://wordpress.org/plugins/underconstruction/changelog/ 93857 52881 2013-2699 CSRF 1.09 ADIF 
Log Search Widget - XSS Arbitrary Vulnerability http://packetstormsecurity.com/files/121777/ 93721 53599 XSS Exploit Scanner - FPD and Security bypass vulnerabilities http://seclists.org/fulldisclosure/2013/May/216 93799 MULTI GA Universal 1.0 - Setting Manipulation CSRF 92237 52976 http://wordpress.org/plugins/ga-universal/changelog/ CSRF 1.0.1 Export to text - Remote File Inclusion Vulnerability 51348 93715 RFI 2.3 qTranslate 2.5.34 - Setting Manipulation CSRF 93873 2013-3251 53126 CSRF Image slider with description - Unspecified Vulnerability 53588 93691 UNKNOWN 7.0 User Role Editor - Cross-Site Request Forgery Vulnerability 53593 93699 25721 CSRF 3.14 EELV Newsletter 3.4.3 - lettreinfo.php Unspecified XSS 104875 XSS 3.5.0 EELV Newsletter - Cross-Site Scripting Vulnerability 53546 93685 XSS 3.3.1 Frontier Post - Publishing Posts Security Bypass 53474 93639 UNKNOWN Spider Catalog - Cross-Site Scripting and SQL Injection Vulnerabilities 53491 93591 93593 93594 93595 93596 93597 93598 MULTI Spider Event Calendar - Security Bypass, Cross-Site Scripting and SQLi Vulnerabilities 53481 93582 93583 93584 93585 93586 93587 93588 MULTI AntiVirus 1.0 - PHP Backdoor Detection Bypass 95134 http://packetstormsecurity.com/files/121833/ http://seclists.org/fulldisclosure/2013/Jun/0 UNKNOWN AntiVirus 1.0 - uninstall.php Direct Request Path Disclosure 95135 http://packetstormsecurity.com/files/121833/ http://seclists.org/fulldisclosure/2013/Jun/0 FPD 1.1 WP Maintenance Mode 1.8.7 - Setting Manipulation CSRF 94450 2013-3250 53125 CSRF 1.8.8 Ultimate Auction 1.0 - CSRF Vulnerability 94407 26240 CSRF Leaflet Maps Marker - Multiple security issues 49845 http://www.mapsmarker.com/2012/06/06/leaflet-maps-marker-v2-4-is-available/ MULTI 2.4 Leaflet Maps Marker - Tag Multiple Parameter SQL Injection 94388 53855 http://www.mapsmarker.com/2013/05/24/v3-5-4-with-lots-of-translation-updates-bugfixes-is-available/ SQLI 3.5.4 Leaflet Maps Marker Pro - SQLI, XSS, Shell Upload, file delete 
http://www.mapsmarker.com/2014/03/26/pro-v1-5-8-with-wordpress-3-9-compatibility-improvements-based-on-a-security-audit-by-the-city-of-vienna-is-available/ MULTI 1.5.8 Xorbin Analog Flash Clock 1.0 - Flash-based XSS http://packetstormsecurity.com/files/122222/ 2013-4692 XSS Xorbin Digital Flash Clock 1.0 - Flash-based XSS http://packetstormsecurity.com/files/122223/ 2013-4693 XSS Dropdown Menu Widget 1.9.1 - Script Insertion CSRF 94771 2013-2704 52958 CSRF BuddyPress Extended Friendship Request - wp-admin/admin-ajax.php friendship_request_message Parameter XSS 94807 2013-4944 54048 XSS 1.0.2 wp-private-messages - /wp-admin/profile.php msgid Parameter SQL Injection 94702 SQLI Stream Video Player <= 1.4.0 - Setting Manipulation CSRF 94466 2013-2706 52954 CSRF Duplicator - installer.cleanup.php package Parameter XSS 95627 2013-4625 http://packetstormsecurity.com/files/122535/ XSS 0.4.5 Citizen Space 1.0 - Script Insertion CSRF 95570 54256 CSRF 1.1 Spicy Blogroll - spicy-blogroll-ajax.php Multiple Parameter Remote File Inclusion 95557 26804 http://packetstormsecurity.com/files/122396/ RFI Pie Register - wp-login.php Multiple Parameter XSS 95160 2013-4954 54123 http://www.securityfocus.com/bid/61140 http://xforce.iss.net/xforce/xfdb/85604 XSS 1.31 Xhanch my Twitter - CSRF in admin/setting.php 96027 53133 2013-3253 CSRF 2.7.7 SexyBookmarks - Setting Manipulation CSRF 95908 2013-3256 53138 CSRF 6.1.5.0 HMS Testimonials 2.0.10 - CSRF http://wordpress.org/plugins/hms-testimonials/changelog/ 2013-4240 96107 96108 96109 96110 96111 54402 27531 http://packetstormsecurity.com/files/122761/ CSRF 2.0.11 HMS Testimonials 2.0.10 - XSS http://wordpress.org/plugins/hms-testimonials/changelog/ 2013-4241 96107 96108 96109 96110 96111 54402 27531 http://packetstormsecurity.com/files/122761/ XSS 2.0.11 IndiaNIC Testimonial 2.2 - Setting Manipulation CSRF 96792 2013-5672 28054 http://packetstormsecurity.com/files/123036/ http://seclists.org/fulldisclosure/2013/Sep/5 CSRF IndiaNIC 
Testimonial 2.2 - testimonial.php custom_query Parameter SQL Injection 96793 2013-5673 28054 http://packetstormsecurity.com/files/123036/ http://seclists.org/fulldisclosure/2013/Sep/5 SQLI IndiaNIC Testimonial 2.2 - iNIC_testimonial_save Action Multiple Parameter XSS 96795 28054 http://packetstormsecurity.com/files/123036/ http://seclists.org/fulldisclosure/2013/Sep/5 XSS Usernoise 3.7.8 - Feedback Submission summary Field XSS 96000 27403 http://packetstormsecurity.com/files/122701/ XSS 3.7.9 platinum_seo_pack.php - s Parameter Reflected XSS 97263 2013-5918 1.3.8 XSS Design Approval System 3.6 - XSS Vulnerability 97192 97279 54704 http://seclists.org/bugtraq/2013/Sep/54 http://packetstormsecurity.com/files/123227/ 2013-5711 3.7 XSS Event Easy Calendar 1.0.0 - Multiple Administrator Action CSRF 97042 http://packetstormsecurity.com/files/123132/ CSRF Event Easy Calendar 1.0.0 - Multiple Unspecified XSS 97041 http://packetstormsecurity.com/files/123132/ XSS Bradesco - falha.php URI Reflected XSS 97624 2013-5916 http://packetstormsecurity.com/files/123356/ XSS Social Hashtags 2.0.0 - New Post Title Field Stored XSS 98027 http://packetstormsecurity.com/files/123485/ XSS Simple Flickr Display - Username Field Stored XSS 97991 XSS Lazy SEO 1.1.9 - lazyseo.php File Upload Arbitrary Code Execution 97662 2013-5961 28452 http://packetstormsecurity.com/files/123349/ http://xforce.iss.net/xforce/xfdb/87384 UPLOAD SEO Watcher - Open Flash Chart Arbitrary File Creation Vulnerability http://packetstormsecurity.com/files/123493/ 55162 UPLOAD All in One SEO Pack <= 2.1.5 - aioseop_functions.php new_meta Parameter XSS 107640 http://blog.sucuri.net/2014/05/vulnerability-found-in-the-all-in-one-seo-pack-wordpress-plugin.html 2.1.6 XSS All in One SEO Pack <= 2.1.5 - Unspecified Privilege Escalation 107641 http://blog.sucuri.net/2014/05/vulnerability-found-in-the-all-in-one-seo-pack-wordpress-plugin.html 2.1.6 AUTHBYPASS All in One SEO Pack <= 2.0.3 - XSS Vulnerability 98023 2013-5988 
http://archives.neohapsis.com/archives/bugtraq/2013-10/0006.html http://packetstormsecurity.com/files/123490/ http://www.securityfocus.com/bid/62784 http://seclists.org/bugtraq/2013/Oct/8 55133 2.0.3.1 XSS Simple Dropbox Upload - Arbitrary File Upload Vulnerability http://packetstormsecurity.com/files/123235/ http://xforce.iss.net/xforce/xfdb/87166 97457 54856 2013-5963 1.8.8.1 UPLOAD WP Ultimate Email Marketer - Multiple Vulnerabilities 97648 97649 97650 97651 97652 97653 97654 97655 97656 2013-3263 2013-3264 53170 http://www.securityfocus.com/bid/62621 MULTI mb.miniAudioPlayer 1.4.2 - TinyMCE Popup Unspecified Issue 101718 UNKNOWN 1.4.3 miniAudioPlayer 1.3.8 - maplayertinymce.php Multiple Parameter XSS 97768 54979 http://packetstormsecurity.com/files/123372/ http://www.securityfocus.com/bid/62629 XSS Custom Website Data 1.2 - Record Deletion CSRF 101642 54823 CSRF 1.3 Custom Website Data 1.0 - wp-admin/admin.php ref Parameter XSS 97668 54865 http://www.securityfocus.com/bid/62624 XSS 1.1 Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability 97481 54894 2013-5962 28377 http://packetstormsecurity.com/files/123303/ http://xforce.iss.net/xforce/xfdb/87172 3.3.4 UPLOAD LBG Zoominoutslider - add_banner.php name Parameter Stored XSS 97887 54983 http://packetstormsecurity.com/files/123367/ XSS LBG Zoominoutslider - settings_form.php Multiple Parameter Stored XSS 99339 http://packetstormsecurity.com/files/123914/ http://seclists.org/fulldisclosure/2013/Nov/30 XSS LBG Zoominoutslider - add_playlist_record.php Multiple Parameter Stored XSS 99340 http://packetstormsecurity.com/files/123914/ http://seclists.org/fulldisclosure/2013/Nov/30 XSS LBG Zoominoutslider - add_banner.php Unspecified XSS 99320 http://packetstormsecurity.com/files/123367/ XSS LBG Zoominoutslider - Multiple Script Direct Request Path Disclosure 99341 http://seclists.org/fulldisclosure/2013/Nov/30 FPD Woopra - Remote Code Execution http://packetstormsecurity.com/files/123525/ RCE 
fGallery_Plus - fim_rss.php album Parameter Reflected XSS 97625 http://packetstormsecurity.com/files/123347/ http://seclists.org/bugtraq/2013/Sep/105 http://seclists.org/bugtraq/2013/Sep/107 http://seclists.org/bugtraq/2013/Sep/108 XSS NOSpamPTI 2.1 - wp-comments-post.php comment_post_ID Parameter SQL Injection 97528 28485 2013-5917 http://packetstormsecurity.com/files/123331/ SQLI Comment Attachment 1.0 - XSS Vulnerability 2013-6010 97600 http://packetstormsecurity.com/files/123327/ http://www.securityfocus.com/bid/62438 XSS Mukioplayer 1.6 - SQL Injection 97609 http://packetstormsecurity.com/files/123231/ SQLI Encrypted Blog 0.0.6.2 - encrypt_blog_form.php redirect_to Parameter Arbitrary Site Redirect 97881 http://packetstormsecurity.com/files/122992/ UNKNOWN Encrypted Blog 0.0.6.2 - encrypt_blog_form.php redirect_to Parameter Reflected XSS 97882 http://packetstormsecurity.com/files/122992/ XSS Simple Login Registration 1.0.1 - XSS 96660 54583 http://packetstormsecurity.com/files/122963/ XSS Post Gallery - XSS http://packetstormsecurity.com/files/122957/ XSS ProPlayer 4.7.9.1 - SQL Injection 25605 93564 SQLI Booking Calendar 4.1.4 - CSRF Vulnerability 96088 27399 54461 http://packetstormsecurity.com/files/122691/ http://wpbookingcalendar.com/ CSRF 4.1.6 ThinkIT <= 0.3 - wp-admin/admin.php Contact Form Deletion CSRF 96514 54592 27751 http://packetstormsecurity.com/files/122898/ CSRF ThinkIT <= 0.2 - wp-admin/admin.php toitcf_current_id Parameter XSS 96515 54592 27751 http://packetstormsecurity.com/files/122898/ XSS 0.3 Quick Contact Form 6.2 - Unspecified XSS 101782 XSS 6.3 Quick Contact Form 6.0 - Persistent XSS 98279 28808 55172 http://packetstormsecurity.com/files/123549/ http://quick-plugins.com/quick-contact-form/ XSS 6.1 Quick Paypal Payments 3.0 - Payment Sending Multiple Parameter XSS 98715 55292 http://packetstormsecurity.com/files/123662/ XSS Email Newsletter 8.0 - 'option' Parameter Information Disclosure Vulnerability 
http://www.securityfocus.com/bid/53850 FPD IndiaNIC FAQs Manager 1.0 - Blind SQL Injection 91623 24868 http://packetstormsecurity.com/files/120911/ SQLI IndiaNIC FAQs Manager 1.0 - Ask Question Form question Parameter XSS 91624 24867 52780 http://packetstormsecurity.com/files/120910/ XSS IndiaNIC FAQs Manager 1.0 - CAPTCHA Value Disclosure 91625 24867 http://packetstormsecurity.com/files/120910/ UNKNOWN IndiaNIC FAQs Manager 1.0 - FAQ Setting Manipulation CSRF 91626 52780 24867 http://packetstormsecurity.com/files/120910/ CSRF Booking System - events_facualty_list.php eid Parameter Reflected XSS 96740 http://packetstormsecurity.com/files/122289/ XSS Booking System 1.2 - dopbs-backend-forms.php booking_form_id Parameter SQL Injection 107204 2014-3210 http://www.securityfocus.com/archive/1/532168 SQLI 1.3 JS Restaurant - popup.php restuarant_id Parameter SQL Injection 96743 http://packetstormsecurity.com/files/122316/ SQLI FlagEm - flagit.php cID Parameter XSS 98226 http://www.securityfocus.com/bid/61401 http://xforce.iss.net/xforce/xfdb/85925 http://packetstormsecurity.com/files/122505/ XSS Chat - message Parameter XSS 95984 54403 XSS Shareaholic - Unspecified CSRF 96321 54529 CSRF 7.0.3.4 Page Showcaser Boxes - Title Field Stored XSS 97579 XSS A Forms 1.4.0 - a-forms.php a_form_tracking_page Function Multiple Parameters SQL Injection 96404 SQLI 1.4.2 A Forms 1.4.0 - Form Submission CSRF 96381 54489 CSRF 1.4.1 A Forms 1.4.0 - a-forms.php a_form_shortcode Function Multiple Parameter XSS 96410 54489 XSS 1.4.2 A Forms 1.4.0 - a-forms.php aform_css_file_selector() Function css_file_selection Parameter XSS 96809 54489 XSS 1.4.2 A Forms 1.4.0 - a-forms.php add_field_to_section Function Multiple Parameter XSS 96810 54489 XSS 1.4.2 A Forms 1.4.0 - a-forms.php a_form_initial_page Function Multiple Parameter XSS 96811 54489 XSS 1.4.2 A Forms 1.4.0 - a-forms.php a_form_page Function Multiple Parameter XSS 96812 54489 XSS 1.4.2 A Forms 1.4.0 - a-forms.php a_form_section_page 
Function message Parameter XSS 96813 54489 XSS 1.4.2 A Forms 1.4.0 - a-forms.php a_form_tracking_page Function Multiple Parameter XSS 96814 54489 XSS 1.4.2 ShareThis 7.0.3 - Setting Manipulation CSRF 96884 2013-3479 53135 http://www.securityfocus.com/bid/62154 CSRF 7.0.6 Simple Flash Video 1.7 - Cross Site Scripting 98371 http://packetstormsecurity.com/files/123562/ http://www.securityfocus.com/bid/62950 XSS Landing Pages 1.2.3 - Unspecified Issue 102442 UNKNOWN 1.3.1 Landing Pages 1.2.1 - module.utils.php post Parameter SQL Injection 98334 2013-6243 55192 http://www.securityfocus.com/bid/62942 http://xforce.iss.net/xforce/xfdb/87803 SQLI 1.2.3 Landing Pages 1.2.1 - module.redirect-ab-testing.php permalink_name Parameter SQL Injection 102407 SQLI 1.2.3 Cart66 1.5.1.14 - admin.php cart66-products Page Product Manipulation CSRF 98352 2013-5977 28959 55265 http://packetstormsecurity.com/files/123587/ CSRF 1.5.1.15 Cart66 - admin.php cart66-products Page Multiple Field Stored XSS 98353 2013-5978 28959 http://packetstormsecurity.com/files/123587/ XSS 1.5.1.15 Wise Search Widget 1.1 - s Parameter Reflected XSS 97989 XSS Catholic Liturgical Calendar Widget 0.0.1 - Title Field Stored XSS 98026 XSS 0.0.2 Zenphoto 1.4.5.2 - wordpress_import.php wp_prefix Function SQL Injection 98091 http://packetstormsecurity.com/files/123501/ http://www.securityfocus.com/bid/62815 http://seclists.org/bugtraq/2013/Oct/20 SQLI 1.4.5.4 Group Documents 1.2.1 - Document Upload Multiple Field Stored XSS 103475 http://seclists.org/fulldisclosure/2014/Feb/170 XSS 1.2.2 Group Documents 1.2.1 - bp-group-documents-settings.php file Parameter Remote Path Traversal File Location Manipulation 103476 http://seclists.org/fulldisclosure/2014/Feb/170 UNKNOWN 1.2.2 Group Documents 1.2.1 - Document Property Manipulation CSRF 103477 http://seclists.org/fulldisclosure/2014/Feb/170 CSRF 1.2.2 Group Documents 1.2 - File Uploading Multiple Parameter Stored XSS 98246 55130 http://www.securityfocus.com/bid/62886 XSS 
1.2.2 AB Categories Search Widget 0.1 - s Parameter Reflected XSS 97987 XSS SL User Create 0.2.4 - LSL script Secret String Weakness Information Disclosure 98456 55262 http://www.securityfocus.com/bid/63009 UNKNOWN 0.2.5 Spider Video Player 2.1 - settings.php theme Parameter SQL Injection 92264 2013-3532 http://packetstormsecurity.com/files/121250/ http://www.securityfocus.com/bid/59021 http://xforce.iss.net/xforce/xfdb/83374 SQLI Spider Video Player 2.1 - settings.php s_v_player_id Parameter Reflected XSS 100848 http://packetstormsecurity.com/files/124353/ XSS Finalist - vote.php id Parameter Reflected XSS 98665 http://packetstormsecurity.com/files/123597/ XSS Finalist - vote.php id Parameter SQL Injection 98665 http://packetstormsecurity.com/files/120951/ SQLI Dexs PM System 1.0.1 - Private Message subject Parameter Stored XSS 98668 55296 28970 http://packetstormsecurity.com/files/123634/ http://www.securityfocus.com/bid/63021 XSS Video Metabox 1.1 - Persistent XSS Vulnerability Disclosure 98641 55257 http://www.securityfocus.com/bid/63172 http://securityundefined.com/wordpress-video-metabox-plugin-persistent-xss-vulnerability-disclosure/ XSS 1.1.1 WP Realty - MySQL Time Based Injection 98748 29021 http://packetstormsecurity.com/files/123655/ http://www.securityfocus.com/bid/63217 SQLI WP Realty - index_ext.php listing_id Parameter Reflected XSS 101583 http://packetstormsecurity.com/files/124418/ XSS Feed - news_dt.php nid Parameter SQL Injection 94804 http://packetstormsecurity.com/files/122260/ SQLI Social Sharing Toolkit 2.1.1 - Setting Manipulation CSRF 98717 2013-2701 52951 http://www.securityfocus.com/bid/63198 CSRF Social Sharing Toolkit 2.1.1 - Unspecified XSS 98931 2013-6280 XSS 2.1.2 Videowall - index.php page_id Parameter Reflected XSS 98765 http://packetstormsecurity.com/files/123693/ http://seclists.org/bugtraq/2013/Oct/98 XSS Really simple Facebook Twitter share buttons 2.10.4 - Settings Page Manipulation CSRF 97190 54707 
http://www.securityfocus.com/bid/62268 CSRF 2.10.5 Car Demon 1.0.1 - /wp-admin/edit.php Multiple Parameter XSS 90365 51088 XSS Car Demon 1.0.1 - /wp-admin/post.php Multiple Parameter XSS 90366 51088 XSS Blue Wrench Video Widget 1.0.2 - admin.php bw-videos Page Multiple Action CSRF 98922 55456 http://securityundefined.com/wordpress-plugin-blue-wrench-video-widget-csrf-persistent-xss-0day-disclosure/ CSRF Blue-Wrench-Video-Widget 1.0.2 - admin.php bw-videos Page Multiple Parameter Stored XSS 98923 55456 http://securityundefined.com/wordpress-plugin-blue-wrench-video-widget-csrf-persistent-xss-0day-disclosure/ XSS MailUp 1.3.2 - ajax.functions.php Ajax Function Call Handling XSS Weakness 91274 2013-0731 2013-2640 51917 XSS 1.3.3 WP Online Store 1.3.1 - index.php slug Parameter Traversal Local File Inclusion 90243 50836 LFI 1.3.2 WP Online Store 1.3.1 - index.php Multiple Parameter Traversal Arbitrary File Access 90244 50836 UNKNOWN 1.3.2 Payment Gateways Caller for WP e-Commerce 0.1.0 - load_merchant Parameter Traversal Local File Inclusion 98916 http://packetstormsecurity.com/files/123744/ LFI 0.1.1 Easy Photo Album 1.1.5 - Album Information Disclosure 98802 AUTHBYPASS 1.1.6 Hungred Post Thumbnail - hpt_file_upload.php File Upload PHP Code Execution 82830 http://packetstormsecurity.com/files/113402/ http://www.securityfocus.com/bid/53898 RCE Spreadsheet - /dhtmlxspreadsheet/codebase/spreadsheet.php page Parameter Reflected XSS 98831 2013-6281 55396 http://packetstormsecurity.com/files/123699/ http://www.securityfocus.com/bid/63256 XSS Tweet Blender 4.0.1 - Unspecified XSS 98978 2013-6342 55780 http://packetstormsecurity.com/files/124047/ XSS 4.0.2 WordPress SB Uploader 3.9 - Arbitrary File Upload Vulnerability http://packetstormsecurity.com/files/119159/ UPLOAD Connections Business Directory 0.7.9.3 - includes/template/class.template-parts.php Pagination URL Handling XSS 106558 XSS 0.7.9.4 Connections <= 0.7.1.5 - Unspecified Security Vulnerability 2011-5254 
http://www.securityfocus.com/bid/51204 XSS 0.7.1.5 Gallery Bank 2.0.19 - edit-album.php album_id Parameter Reflected XSS 99045 55443 http://packetstormsecurity.com/files/123924/ http://www.securityfocus.com/bid/63382 XSS 2.0.20 Gallery Bank 2.0.19 - Multiple Unspecified Issues 99046 55443 http://www.securityfocus.com/bid/63382 UNKNOWN 2.0.20 Gallery Bank 2.0.19 - album-gallery-bank-class.php recordsArray Parameter Reflected XSS 99345 55443 http://www.securityfocus.com/bid/63385 http://seclists.org/fulldisclosure/2013/Nov/38 XSS 2.0.20 Rockhoist Ratings 1.2.2 - wp-admin/admin-ajax.php postID Parameter SQL Injection 99195 55445 http://www.securityfocus.com/bid/63441 SQLI Checkout Plugin - File Upload Remote Code Execution 99225 http://packetstormsecurity.com/files/123866/ RCE MobileChief - jQuery Validation Cross-Site Scripting Vulnerability 55501 http://packetstormsecurity.com/files/123809/ XSS Facebook Survey Pro - timeline/index.php id Parameter SQL Injection 87817 22853 http://packetstormsecurity.com/files/118238/ http://www.securityfocus.com/bid/56595 http://xforce.iss.net/xforce/xfdb/80141 SQLI Live Comment Preview 2.0.2 - Comment Field Preview XSS 92944 XSS Polldaddy Polls and Ratings 2.0.20 - Cross-Site Request Forgery Vulnerability 99515 55464 http://www.securityfocus.com/bid/63557 CSRF 2.0.21 Jigoshop 1.8 - Multiple Script Direct Request Path Disclosure 99485 FPD FCChat 2.2.11-2.2.13 - Upload.php Arbitrary File Upload Vulnerability http://www.securityfocus.com/bid/53855 UPLOAD Another WordPress Classifieds - Unspecified Image Upload Vulnerability http://www.securityfocus.com/bid/52861 UPLOAD Picturesurf Gallery 1.2 - upload.php Arbitrary File Upload Vulnerability http://www.securityfocus.com/bid/53894 UPLOAD Social Slider <= 5.6.5 - social-slider-2/ajax.php rA Parameter SQL Injection 74421 45549 17617 SQLI 6.0.0 Redirection 2.3.3 - view/admin/item.php URL Handling Reflected XSS 101774 XSS 2.3.4 Redirection - wp-admin/tools.php id Parameter XSS 74783 45782 
XSS 2.2.9 eShop - wp-admin/admin.php Multiple Parameter XSS 74464 45553 http://seclists.org/bugtraq/2011/Aug/52 XSS 6.2.9 All in One Adsense YPN 2.0.1 - all-in-one-adsense-and-ypn.php Unspecified XSS 74900 45579 XSS All in One Adsense YPN 2.0.1 - all-in-one-adsense-and-ypn.php Direct Request AdSense Account Manipulation 74899 45579 XSS Search N Save - SearchNSave/error_log Direct Request Path Disclosure 95196 54078 FPD TagGator - 'tagid' Parameter SQL Injection Vulnerability http://www.securityfocus.com/bid/52908 SQLI Uploadify Integration 0.9.6 - Multiple Cross Site Scripting Vulnerabilities http://www.securityfocus.com/bid/52944 XSS WPsc MijnPress - 'rwflush' Parameter Cross Site Scripting Vulnerability http://www.securityfocus.com/bid/53302 XSS Leaflet Maps Marker 3.5.2 - Two SQL Injection Vulnerabilities 53855 SQLI 3.5.3 XML Sitemap Generator 3.2.8 - XML File Overwrite Arbitrary Code Execution 89411 http://packetstormsecurity.com/files/119357/ RCE Spam Free Plugin 1.9.2 - Multiple Script Direct Request Path Disclosure 88954 http://xforce.iss.net/xforce/xfdb/81007 FPD Spam Free Plugin 1.9.2 - IP Blocklist Restriction Bypass 88955 http://xforce.iss.net/xforce/xfdb/81006 http://packetstormsecurity.com/files/119274/ AUTHBYPASS Editorial Calendar 2.6 - Post Title XSS 90226 XSS 2.7 Editorial Calendar 2.6 - Permission Verification Arbitrary Calendar Post Deletion 90227 52218 AUTHBYPASS 2.7 Editorial Calendar 2.6 - Post Query Multiple Filter SQL Injection 90228 SQLI ShareYourCart 1.6.1 - SDK Multiple Unspecified Path Disclosure 81618 2012-4332 48960 UNKNOWN 1.7.1 ALO EasyMail Newsletter 2.4.7 - Multiple Unspecified XSS 82324 49320 XSS 2.4.8 Contact Form 7 <= 3.7.1 - Security Bypass Vulnerability 2014-2265 http://www.securityfocus.com/bid/66381/ AUTHBYPASS 3.7.2 Contact Form 7 & Old WP Versions - Crafted File Extension Upload Remote Code Execution 102776 http://packetstormsecurity.com/files/125018/ http://seclists.org/fulldisclosure/2014/Feb/0 RCE Contact Form 7 <= 
3.5.2 - Arbitrary File Upload Remote Code Execution 100189 http://packetstormsecurity.com/files/124154/ UPLOAD 3.5.3 Store Locator <= 2.6.1 - Cross-Site Request Forgery Vulnerability 100485 55276 CSRF 2.12 Optinfirex - lp/index.php id Parameter Reflected XSS 100435 http://packetstormsecurity.com/files/124188/ XSS Amerisale-Re - Remote Shell Upload http://packetstormsecurity.com/files/124992/ UPLOAD Amerisale-Re - netriesdetail/upload.php edit Parameter Reflected XSS 100434 http://packetstormsecurity.com/files/124187/ http://xforce.iss.net/xforce/xfdb/89263 XSS JS MultiHotel 2.2.1 - includes/show_image.php file Parameter Remote File Inclusion DoS 105185 http://packetstormsecurity.com/files/125959/ http://seclists.org/fulldisclosure/2014/Mar/428 RFI JS MultiHotel 2.2.1 - includes/delete_img.php path Parameter Reflected XSS 105186 http://packetstormsecurity.com/files/125959/ http://seclists.org/fulldisclosure/2014/Mar/428 http://www.securityfocus.com/bid/66529 XSS JS MultiHotel 2.2.1 - Multiple Script Direct Request Path Disclosure 105187 http://packetstormsecurity.com/files/125959/ http://seclists.org/fulldisclosure/2014/Mar/428 FPD JS MultiHotel 2.2.1 - includes/timthumb.php src Parameter Direct Request Path Disclosure 105119 http://seclists.org/fulldisclosure/2014/Mar/413 http://www.securityfocus.com/bid/66529 FPD JS MultiHotel 2.2.1 - refreshDate.php roomid Parameter Reflected XSS 100575 55919 http://packetstormsecurity.com/files/124239/ http://www.securityfocus.com/bid/64045 XSS DZS Video Gallery - ajax.php source Parameter Reflected XSS 103283 56904 http://packetstormsecurity.com/files/125179/ RCE DZS Video Gallery - upload.php File Upload Remote Code Execution 100620 29834 RCE DZS Video Gallery 3.1.3 - Remote File Disclosure 100750 http://packetstormsecurity.com/files/124317/ FPD DZS Video Gallery - preview_allchars.swf logoLink Parameter Reflected XSS 107521 2014-3923 http://packetstormsecurity.com/files/126846/ http://www.securityfocus.com/bid/67698 
http://seclists.org/fulldisclosure/2014/May/157 XSS DZS Video Gallery - deploy/preview_skin_overlay.swf logoLink Parameter Reflected XSS 107522 2014-3923 http://packetstormsecurity.com/files/126846/ http://www.securityfocus.com/bid/67698 http://seclists.org/fulldisclosure/2014/May/157 XSS DZS Video Gallery - deploy/preview.swf logoLink Parameter Reflected XSS 107523 2014-3923 http://packetstormsecurity.com/files/126846/ http://www.securityfocus.com/bid/67698 http://seclists.org/fulldisclosure/2014/May/157 XSS DZS Video Gallery - preview_skin_rouge.swf logoLink Parameter Reflected XSS 107524 2014-3923 http://packetstormsecurity.com/files/126846/ http://www.securityfocus.com/bid/67698 http://seclists.org/fulldisclosure/2014/May/157 XSS AskApache Firefox Adsense 3.0 - Unspecified CSRF 100662 2013-6992 https://www.htbridge.com/advisory/HTB23188 CSRF Ad-minister 0.6 - Unspecified XSS 100663 2013-6993 http://packetstormsecurity.com/files/124604/ https://www.htbridge.com/advisory/HTB23187 XSS TDO Mini Forms 0.13.9 - tdomf-upload-inline.php File Upload Remote Code Execution 100847 http://packetstormsecurity.com/files/124352/ RCE HuskerPortfolio 0.3 - huskerPortfolio.php File Upload CSRF 100845 http://packetstormsecurity.com/files/124359/ CSRF FormCraft - form.php id Parameter SQL Injection 100877 56044 http://packetstormsecurity.com/files/124343/ SQLI Zarzadzanie Kontem - ajaxfilemanager.php File Upload Arbitrary Code Execution 87834 http://packetstormsecurity.com/files/118322/ UPLOAD Ads Box - iframe_ampl.php count Parameter SQL Injection 88257 http://packetstormsecurity.com/files/118342/ http://www.securityfocus.com/bid/56681 http://xforce.iss.net/xforce/xfdb/80256 SQLI Broken Link Checker 1.9.1 - Bulk Action Form URL Handling XSS 101059 56053 XSS 1.9.2 Broken Link Checker 1.9.1 - Sort Direction Query Argument Handling XSS 101066 56053 XSS 1.9.2 Easy Career Openings - jobid Parameter SQL Injection 100677 http://packetstormsecurity.com/files/124309/ SQLI Q and A 1.0.6.2 - 
Multiple Scripts Direct Request Path Disclosure 100793 FPD Meta Slider 2.5 - metaslider.php id Parameter XSS 108611 http://packetstormsecurity.com/files/127288/ http://www.securityfocus.com/bid/68283 XSS Meta Slider 2.1.6 - Multiple Script Direct Request Path Disclosure 100794 FPD Custom Tables 3.4.4 - iframe.php key Parameter XSS 83646 49823 XSS WP Socializer 2.4.2 - admin/wpsr-services-selector.php val Parameter XSS 83645 49824 XSS church_admin 0.33.4.5 - includes/validate.php id Parameter XSS 83644 49827 XSS PHPFreeChat 0.2.8 - lib/csstidy-1.2/css_optimiser.php url Parameter XSS 83642 49826 XSS Artiss Code Embed 2.0.1 - wp-admin/admin.php suffix Parameter XSS 83686 49848 XSS 2.0.2 Dewplayer - dewplayer-vinyl.swf xml Parameter XML File Handling XSS 101353 http://packetstormsecurity.com/files/124582/ http://www.securityfocus.com/bid/64506 http://seclists.org/fulldisclosure/2013/Dec/192 XSS Dewplayer - dewplayer-vinyl-en.swf xml Parameter XML File Handling XSS 101352 http://packetstormsecurity.com/files/124582/ http://www.securityfocus.com/bid/64506 http://seclists.org/fulldisclosure/2013/Dec/192 XSS Dewplayer <= 1.2 - dewplayer.php Direct Request Path Disclosure Weakness 101440 http://seclists.org/fulldisclosure/2013/Dec/209 FPD Advanced Dewplayer - dewplayer-vinyl.swf xml Parameter XML File Handling XSS 101353 http://packetstormsecurity.com/files/124582/ http://www.securityfocus.com/bid/64506 http://seclists.org/fulldisclosure/2013/Dec/192 XSS Dewplayer - dewplayer-vinyl-en.swf xml Parameter XML File Handling XSS 101352 http://packetstormsecurity.com/files/124582/ http://www.securityfocus.com/bid/64506 http://seclists.org/fulldisclosure/2013/Dec/192 XSS Advanced Dewplayer <= 1.2 - dewplayer.php Direct Request Path Disclosure Weakness 101440 http://seclists.org/fulldisclosure/2013/Dec/209 FPD Advanced Dewplayer <= 1.2 - download-file.php dew_file Parameter Traversal Arbitrary File Access 101513 55941 http://seclists.org/oss-sec/2013/q4/566 UNKNOWN SEM WYSIWYG - 
Arbitrary File Upload http://packetstormsecurity.com/files/115789/ UPLOAD Recommend a friend 2.0.2 - inc/raf_form.php current_url Parameter Reflected XSS 101487 56209 2013-7276 http://packetstormsecurity.com/files/124587/ XSS Securimage-WP 3.2.4 - siwp_test.php URI XSS 93259 53376 http://packetstormsecurity.com/files/121588/ http://xforce.iss.net/xforce/xfdb/84186 XSS Amazon Affiliate Link Localizer 1.8.2 - amazon_affiliate_link_localizer.php amzn_com Parameter XSS 100783 http://www.dfcode.org/code.php?id=27 XSS MaxButtons 1.19.0 - includes/maxbuttons-button-css.php Authentication Bypass 101773 56272 AUTHBYPASS 1.20.0 April's Super Functions Pack 1.4.7 - readme.php page Parameter Reflected XSS 101807 55576 XSS 1.4.8 WordPress Connect 2.0.3 - Editor Pages Unspecified XSS 101716 56238 XSS Page Layout Builder 1.3.4 - includes/layout-settings.php layout_settings_id Parameter Reflected XSS 101723 56214 XSS 1.3.6 Page Layout Builder 1.3.4 - Unspecified Issue 101724 56214 UNKNOWN 1.3.6 Foliopress WYSIWYG - Unspecified XSS 101726 56261 XSS 2.6.8.5 intouch 2.0 - intouch.js.php intouch_failure Parameter Reflected XSS 101822 http://packetstormsecurity.com/files/124687/ http://www.securityfocus.com/bid/64680 XSS Nmedia MailChimp 3.1 - api_mailchimp/postToMailChimp.php abs_path Parameter XSS 83083 49538 XSS 3.2 NS Utilities 1.0 - Unspecified Remote Issue 82944 49476 UNKNOWN 1.1 Spiffy XSPF Player 0.1 - playlist.php playlist_id Parameter SQL Injection 92258 2013-3530 http://packetstormsecurity.com/files/121204/ http://www.securityfocus.com/bid/58976 http://xforce.iss.net/xforce/xfdb/83345 SQLI Easy Media Gallery 1.2.29 - wp-admin/edit.php Multiple Parameter Stored XSS 103779 http://packetstormsecurity.com/files/125396/ http://www.securityfocus.com/bid/65804 XSS Easy Media Gallery 1.2.25 - includes/emg-settings.php spg_add_admin Function Admin User Creation CSRF 101941 56408 
http://incolumitas.com/2013/12/17/exploiting-wordpress-plugins-using-insecure-admin-forms-no-3-example-exploit-included/ CSRF 1.2.27 WP-Members 2.8.9 - profile.php Multiple Parameter Stored XSS 101946 56271 http://packetstormsecurity.com/files/124720/ http://www.securityfocus.com/bid/64713 XSS 2.8.10 WP-Members 2.8.9 - wp-login.php register Action Multiple Parameter Reflected XSS 101947 56271 http://packetstormsecurity.com/files/124720/ http://www.securityfocus.com/bid/64713 XSS 2.8.10 mb.YTPlayer for background videos 1.7.2 - TinyMCE Popup Unspecified Issue 101718 56270 UNKNOWN 1.7.3 Keyring 1.5 - OAuth Example Page XSS 56367 XSS AVChat Video Chat 1.4.1 - index_popup.php Multiple Parameters Reflected XSS 102206 56447 XSS 1.4.2 GroupDocs Comparison 1.0.2 - grpdocscomparison.php Multiple Parameter XSS 102297 XSS 1.0.3 GroupDocs Signature 1.2.0 - grpdocs-dialog.php Multiple Parameter XSS 102298 XSS 1.2.1 GroupDocs Signature 1.2.0 - options.php Multiple Parameter XSS 102299 XSS 1.2.1 GroupDocs Viewer 1.4.1 - options.php Multiple Parameter XSS 102299 XSS 1.4.2 GroupDocs Viewer 1.4.1 - grpdocs-dialog.php Multiple Parameter XSS 102300 XSS 1.4.2 GroupDocs Document Annotation 1.3.8 - options.php Multiple Parameter XSS 102299 XSS 1.3.9 GroupDocs Document Annotation 1.3.8 - grpdocs-dialog.php Multiple Parameter XSS 102301 XSS 1.3.9 Manage Calameo Publications 1.1.0 - thickbox_content.php attachment_id Parameter Reflected XSS 102433 56428 XSS 1.1.1 SS Downloads 1.4.4.1 - services/getfile.php file Parameter XSS 102501 XSS 1.5 SS Downloads 1.4.4.1 - ss-downloads.php Multiple Variables XSS 102502 XSS 1.5 SS Downloads 1.4.4.1 - templates/download.php Multiple Parameters Reflected XSS 102503 56428 XSS 1.5 SS Downloads 1.4.4.1 - templates/register.php Multiple Parameter Reflected XSS 102504 56428 XSS 1.5 SS Downloads 1.4.4.1 - templates/emailsent.php Multiple Parameter Reflected XSS 102537 56532 XSS 1.5 SS Downloads 1.4.4.1 - templates/emailform.php Multiple Parameter Reflected XSS 
102538 56532 http://packetstormsecurity.com/files/124958/ XSS 1.5 SS Downloads 1.4.4.1 - templates/emailandnameform.php Multiple Parameter Reflected XSS 102539 56532 XSS 1.5 Global Flash Galleries - popup.php id Parameter SQL Injection 104907 SQLI Global Flash Galleries - swfupload.php Unauthenticated Image Upload Weakness 102423 http://packetstormsecurity.com/files/124850/ http://www.securityfocus.com/bid/65060 UPLOAD Social Connect 0.10.1 - diagnostics/test.php testing Parameter Reflected XSS 102411 56587 XSS 0.10.2 Let Them Unsubscribe 1.0 - let-them-unsubscribe.php Multiple Unspecified Issues 102500 56659 MULTI 1.1 SEO Friendly Images 2.7.4 - seo-friendly-images.php Add Page CSRF 101789 CSRF 2.7.5 SEO Friendly Images 2.7.4 - seo-friendly-images.php Multiple Parameters XSS 101790 XSS 2.7.5 Social Ring 1.0 - share.php url Parameter Reflected XSS 102424 http://packetstormsecurity.com/files/124851/ XSS 1.1.9 GRAND FlAGallery Skins - compact_music_player/gallery.php playlist Parameter SQL Injection 93581 http://packetstormsecurity.com/files/121699/ SQLI Contus Video Gallery - index.php playid Parameter SQL Injection 93369 2013-3478 51344 http://www.securityfocus.com/bid/59845 http://xforce.iss.net/xforce/xfdb/84239 SQLI WebEngage 2.0.0 - callback.php Multiple Parameter Reflected XSS 102560 56700 XSS 2.0.1 WebEngage 2.0.0 - renderer.php Multiple Parameter Reflected XSS 102561 56700 XSS 2.0.1 WebEngage 2.0.0 - resize.php height Parameter XSS 102562 56700 XSS 2.0.1 Fetch Tweets 1.3.3.6 - class/FetchTweets_Event_.php Missing Permission Check Unspecified Issue 102578 UNKNOWN Seo Link Rotator - pusher.php title Parameter Reflected XSS 102594 56710 http://packetstormsecurity.com/files/124959/ XSS Nokia Maps and Places 1.6.6 - place.html href Parameter Reflected XSS 102669 2014-1750 56604 XSS 1.6.7 Easy Webinar - get_widget.php wid Parameter SQL Injection 86754 22300 SQLI 1.6.7 WP Social Invitations <=1.4.4.2 - test.php Multiple Parameter Reflected XSS 102741 56711 XSS 
1.4.4.3 Infusionsoft Gravity Forms Add-on 1.5.6 - Unspecified XSS 102742 XSS 1.5.7 Comment Control 0.3.0 - comment-control.php type Parameter SQL Injection 102581 SQLI 0.3.1 WPtouch 3.x - Insecure Nonce Generation http://blog.sucuri.net/2014/07/disclosure-insecure-nonce-generation-in-wptouch.html exploit/unix/webapp/wp_wptouch_file_upload UPLOAD 3.4.3 WPtouch 1.9.8 - ajax/file_upload.php Crafted Content-Type File Upload Remote Code Execution 102582 RCE 1.9.8.1 WPtouch 1.9.8 - include/submit.php Multiple Parameter SQL Injection 102583 SQLI 1.9.8.1 Better Search 1.2.1 - admin.inc.php Setting Manipulation CSRF 102584 CSRF 1.3 Very Simple Contact Form 1.1 - Unspecified Issue 102798 UNKNOWN 1.2 Stop User Enumeration 1.2.4 - POST Request Protection Bypass 102799 56643 http://packetstormsecurity.com/files/125035/ http://seclists.org/fulldisclosure/2014/Feb/3 UNKNOWN Delightful Downloads 1.3.1.1 - meta-boxes.php dedo_meta_boxes_save Function Multiple Action Authorization Bypass 102932 AUTHBYPASS 1.3.2 Delightful Downloads 1.3.1.1 - includes/functions.php User-Agent HTTP Header Stored XSS 102928 XSS 1.3.2 Mobiloud 1.9.0 - comments/disqus_count.php shortname Parameter Reflected XSS 102898 XSS 1.9.1 Mobiloud 1.9.0 - comments/disqus.php shortname Parameter Reflected XSS 102899 XSS 1.9.1 all_in_one_carousel 1.2.20 - /tpl/add_carousel.php id Parameter Reflected XSS 103351 56962 http://seclists.org/bugtraq/2014/Feb/38 XSS Frontend Uploader - Unspecified File Upload Remote Code Execution 103454 31570 RCE Acunetix WP Security 4.0.3 - /wp-admin/admin.php wps-database Page Backup Generation CSRF Weakness 103467 http://packetstormsecurity.com/files/125218/ CSRF Aryo Activity Log - Full Path Disclosure https://github.com/KingYes/wordpress-aryo-activity-log/pull/27 FPD 2.0.4 WP jQuery Spam 1.1 - dynamic.php id Parameter Reflected XSS 103579 XSS 1.2 Media File Renamer v1.7.0 - Persistent XSS 2014-2040 http://packetstormsecurity.com/files/125378/ 
http://www.vapid.dhs.org/advisories/wordpress/plugins/MediaFileRenamer-1.7.0/ XSS Flash Player Widget - dewplayer.swf Content Spoofing http://www.openwall.com/lists/oss-security/2013/12/30/5 UNKNOWN Alpine PhotoTile For Instagram 1.2.6.5 - wp-admin/options-general.php general_lightbox_params Parameter XSS Weakness 103822 57198 http://packetstormsecurity.com/files/125418/ XSS Widget Control Powered By Everyblock 1.0.1 - wp-admin/admin.php idDropdown Parameter XSS Weakness 103831 57203 http://packetstormsecurity.com/files/125421/ XSS Search Everything 8.1.0 - options.php Unspecified CSRF 106733 CSRF 8.1.1 Search Everything 7.0.4 - Unspecified Issue 104058 SQLI 8.0 Search Everything 7.0.2 - search-everything.php s Parameter SQL Injection 103718 56802 http://www.securityfocus.com/bid/65765 2014-2316 SQLI 7.0.3 Zedity 2.5 - wp-admin/admin-ajax.php zedity_ajax Action zaction Parameter XSS 103789 57026 http://www.securityfocus.com/bid/65799 XSS Zedity 2.4 - Cross Site Scripting http://packetstormsecurity.com/files/125402/ XSS WP Post to PDF 2.3.1 - wp-admin/options.php wpptopdf headerFontSize Parameter XSS 103872 http://packetstormsecurity.com/files/125432/ XSS BSK PDF Manager 1.3 - wp-admin/admin.php Multiple Parameter XSS 103873 http://packetstormsecurity.com/files/125422/ XSS MP3-jPlayer 1.8.7 - wp-admin/options-general.php Multiple Parameter XSS 103875 http://packetstormsecurity.com/files/125417/ XSS Google Analytics MU 2.3 - google-analytics-mu-network.php Analytics Code Manipulation CSRF 103937 56157 http://packetstormsecurity.com/files/125514/ http://seclists.org/fulldisclosure/2014/Mar/20 http://www.securityfocus.com/bid/65926 CSRF 2.4 Repagent - dewplayer-vinyl.swf xml Parameter XML File Handling XSS 101353 http://packetstormsecurity.com/files/124582/ http://www.securityfocus.com/bid/64506 http://seclists.org/fulldisclosure/2013/Dec/192 XSS Repagent - dewplayer-vinyl-en.swf xml Parameter XML File Handling XSS 101352 http://packetstormsecurity.com/files/124582/ 
http://www.securityfocus.com/bid/64506 http://seclists.org/fulldisclosure/2013/Dec/192 XSS
LayerSlider 4.6.1 - wp-admin/admin.php Style Editing CSRF 104393 57930 http://packetstormsecurity.com/files/125637/ CSRF
LayerSlider 4.6.1 - LayerSlider/editor.php skin Parameter Remote Path Traversal File Access 104394 57309 http://packetstormsecurity.com/files/125637/ AUTHBYPASS
XCloner 3.1.0 - Multiple Actions CSRF 2014-2340 104402 57362 32701 http://packetstormsecurity.com/files/125991/ https://www.htbridge.com/advisory/HTB23206 CSRF 3.1.1
GuiForm 1.4.10 - class/class-ajax.php Entry Saving CSRF 104399 CSRF 1.5.0
ClickDesk - Live Chat Widget Multiple Field XSS 104037 http://packetstormsecurity.com/files/125528/ http://www.securityfocus.com/bid/65971 XSS
Duplicate Post 2.5 - duplicate-post-admin.php User Login Cookie Value SQL Injection 104669 SQLI 2.6
Duplicate Post 2.5 - options-general.php post Parameter Reflected XSS 104670 XSS 2.6
mTouch Quiz 3.0.6 - question.php quiz Parameter Reflected XSS 104667 http://www.securityfocus.com/bid/66306 XSS 3.0.7
mTouch Quiz 3.0.6 - question.php quiz Parameter SQL Injection 104668 http://www.securityfocus.com/bid/66306 SQLI 3.0.7
Simple Retail Menus 4.0.1 - includes/actions.php targetmenu Parameter SQL Injection 104680 SQLI 4.1
Simple Retail Menus 4.0.1 - includes/mode-edit.php targetmenu Parameter SQL Injection 104682 SQLI 4.1
User Domain Whitelist 1.4 - user-domain-whitelist.php domain_whitelist Parameter Stored XSS 104681 57490 XSS
User Domain Whitelist 1.4 - user-domain-whitelist.php Domain Whitelisting Manipulation CSRF 104683 57490 CSRF 1.5
Subscribe To Comments Reloaded 140204 - options/index.php manager_page Parameter Stored XSS Weakness 104698 57015 http://www.securityfocus.com/bid/66288 XSS 140219
Subscribe To Comments Reloaded 140204 - options/index.php Admin Settings Manipulation CSRF 104699 57015 http://www.securityfocus.com/bid/66288 CSRF 140219
Analytics360 1.2.1 - analytics360.php Multiple Action CSRF 104743 CSRF 1.2.2
Analytics360 1.2 - analytics360.php a360_error Parameter Reflected XSS 104744 XSS 1.2.1
The Events Calendar 3.0 - lib/template-classes/month.php tribe-bar-search Parameter Reflected XSS 104785 XSS 3.0.1
Form Maker 1.6.4 - front_end_form_maker.php Unspecified XSS 104870 XSS 1.6.6
ZooEffect 1.08 - wp-1pluginjquery.php HTTP Referer Header Reflected XSS 104876 XSS 1.09
Google Analytics Dashboard 2.0.4 - gad-admin-pages-posts.php pid Parameter SQL Injection 104877 SQLI 2.0.5
blogVault 1.08 - Missing Account Empty Secret Key Generation 107570 BYPASS 1.09
blogVault 1.05 - admin.php blogVault Key Setting CSRF 104906 SQLI 1.06
Captcha 2.12-3.8.1 - captcha bypass http://www.antoine-cervoise.fr/2014/03/27/contournement-du-plugin-captcha-pour-wordpress-v-3-8-1-et-anterieures/ https://github.com/cervoise/pentest-scripts/blob/master/web/cms/captcha-bypass/wordpress-plugins/captcha/bypass-3.8.1-and-previous.php BYPASS 3.8.2
WP HTML Sitemap 1.2 - wp-html-sitemap.html Sitemap Deletion CSRF 105084 http://packetstormsecurity.com/files/125933/ http://seclists.org/fulldisclosure/2014/Mar/400 https://security.dxw.com/advisories/csrf-vulnerability-in-wp-html-sitemap-1-2/ CSRF
Groups 1.4.5 - Negated Role Capability Handling Elevated Privilege Issue 104940 AUTHBYPASS 1.4.6
HTML5 jQuery Audio Player 2.3 - playlist/add_playlist.php Multiple Parameter Stored XSS Weakness 104951 XSS 2.4
HTML5 jQuery Audio Player 2.3 - playlist/add_playlist.php id Parameter SQL Injection 104952 SQLI 2.4
ShrimpTest 1.0b2 - plugins/metric-conversion.php Multiple Unspecified XSS 104956 XSS 1.0b3
ShrimpTest 1.0b2 - plugins/plugin-notification.php Unspecified XSS 104957 XSS 1.0b3
ShrimpTest 1.0b2 - plugins/variant-shortcode.php Unspecified XSS 104958 XSS 1.0b3
ShrimpTest 1.0b2 - admin/experiments.php Multiple Unspecified XSS 104959 XSS 1.0b3
ShrimpTest 1.0b2 - admin/experiment-new.php Multiple Unspecified XSS 104960 XSS 1.0b3
ActiveHelper LiveHelp Server 3.2.2 - server/import/status.php Multiple Parameter SQL Injection 104990 SQLI 3.4.0
ActiveHelper LiveHelp Server 3.2.2 - server/import/tracker.php Multiple Parameter SQL Injection 104991 SQLI 3.4.0
ActiveHelper LiveHelp Server 3.2.2 - server/import/javascript.php Multiple Vector SQL Injection 104992 SQLI 3.4.0
ActiveHelper LiveHelp Server 3.2.2 - server/frames.php DEPARTMENT Parameter SQL Injection 104993 SQLI 3.4.0
Springboard Video Quick Publish 0.2.6 - videolist.php paged Parameter Reflected XSS 105992 XSS 0.2.7
Springboard Video Quick Publish 0.2.6 - springboardvideo.php video_id Parameter XSS 105993 XSS 0.2.7
Springboard Video Quick Publish 0.2.6 - sb_search.php paged Parameter Reflected XSS 105994 XSS 0.2.7
Springboard Video Quick Publish 0.2.4 - Unspecified Issue 105007 UNKNOWN 0.2.5
IgnitionDeck 1.1 - Purchase Form Unspecified XSS 105008 XSS 1.2
Ajax Pagination 1.1 - wp-admin/admin-ajax.php loop Parameter Local File Inclusion 105087 32622 http://packetstormsecurity.com/files/125929/ http://seclists.org/fulldisclosure/2014/Mar/398 LFI
TT Guest Post Submit 1.0.0 - tt-guest-post-submit-submit.php rootpath Parameter Remote File Inclusion 105120 RFI 1.0.1
WordPress-to-Lead for Salesforce CRM 1.0.4 - ov_plugin_tools.php textinput Function XSS 105146 XSS 1.0.5
WordPress-to-Lead for Salesforce CRM 1.0.1 - salesforce.php salesforce_form_shortcode Function Error Message Handling XSS 105148 XSS 1.0.2
WordPress-to-Lead for Salesforce CRM 1.0 - salesforce.php Multiple Parameter XSS 105147 XSS 1.0.1
Disable Comments 1.0.3 - disable_comments_settings.php Comment Status Manipulation CSRF 105245 2014-2550 57613 http://www.securityfocus.com/bid/66564 CSRF 1.0.4
WP Business intelligence lite <= 1.0.6 - Remote Code Execution Exploit 57590 http://packetstormsecurity.com/files/125927/ http://cxsecurity.com/issue/WLB-2014030243 RCE 1.1
Barclaycart - Shell Upload http://packetstormsecurity.com/files/125552/ UPLOAD
Premium Gallery Manager - Shell Upload http://packetstormsecurity.com/files/125586/ UPLOAD
Jetpack <= 2.9.2 - class.jetpack.php XML-RPC Access Control Bypass 105714 2014-0173 57729 http://jetpack.me/2014/04/10/jetpack-security-update/ BYPASS 2.9.3
Lazyest Gallery <= 1.1.20 - EXIF Script Insertion Vulnerability 57746 XSS 1.1.21
Lazyest Gallery 1.1.7 - Crafted Folder Name Unspecified Issue 105728 UNKNOWN 1.1.8
Lazyest Gallery 0.10.4.3 - Multiple File/Directory Insecure Permissions Local Content Manipulation 105818 UNKNOWN 0.10.4.4
Lazyest Gallery 0.4.2 - Multiple Unspecified Issues 107400 MULTI
Post Expirator <= 2.1.1 - Cross-Site Request Forgery Vulnerability 57503 CSRF 2.1.2
Quick Page Post Redirect 5.0.4 - redirect-updates.php quickppr_redirects Parameter Stored XSS 105707 2014-2598 57883 32867 http://www.securityfocus.com/bid/66790 https://security.dxw.com/advisories/csrf-and-stored-xss-in-quick-pagepost-redirect-plugin/ XSS 5.0.5
Quick Page Post Redirect 5.0.4 - redirect-updates.php Multiple Admin Function CSRF 105708 2014-2598 57883 32867 http://www.securityfocus.com/bid/66790 https://security.dxw.com/advisories/csrf-and-stored-xss-in-quick-pagepost-redirect-plugin/ CSRF 5.0.5
Twitget 3.3.1 - twitget.php Twitter Setting Manipulation CSRF 105705 2014-2559 32868 https://security.dxw.com/advisories/csrfxss-vulnerability-in-twitget-3-3-1/ CSRF 3.3.3
Twitget 3.3.1 - twitget.php twitget_consumer_key Parameter Stored XSS 105704 2014-2559 32868 https://security.dxw.com/advisories/csrfxss-vulnerability-in-twitget-3-3-1/ XSS 3.3.3
HK Exif Tags 1.11 - hk_exif_tags.php hk_exif_tags_images_process Function EXIF Tags Handling Stored XSS 105725 57753 XSS 1.12
Unconfirmed <= 1.2.4 - unconfirmed.php s Parameter Reflected XSS 105722 57838 XSS 1.2.5
LiveOptim 1.4.3 - Configuration Setting Manipulation CSRF 105986 57990 http://www.securityfocus.com/bid/66939 CSRF 1.4.4
Conditional CAPTCHA 3.6 - wp-conditional-captcha.php Settings Page CSRF 106014 CSRF 3.6.1
JS External Link Info 1.21 - redirect.php blog Parameter XSS 106125 http://packetstormsecurity.com/files/126238/ http://www.securityfocus.com/bid/66999 XSS
Simple Fields 1.1.6 - inc-admin-options.php Admin Functions CSRF 106316 CSRF 1.2
Simple Fields 0.3.5 - simple_fields.php wp_abspath Parameter Remote File Inclusion 106622 RFI 0.3.6
Work The Flow File Upload 1.2.1 - wp-admin/admin-ajax.php accept_file_types Parameter Manipulation File Upload Restriction Bypass 106366 58216 http://www.securityfocus.com/bid/67083 http://packetstormsecurity.com/files/126333/ RCE
File Gallery 1.7.9 - Settings Page create_function Function Remote Command Execution 106417 2014-2558 58216 http://www.securityfocus.com/bid/67120 RCE 1.7.9.2
NextCellent Gallery 1.9.13 - admin/manage-images.php Multiple Field Stored XSS Weakness 106474 http://www.securityfocus.com/bid/67085 XSS 1.9.18
WP Affiliate Manager - login.php msg Parameter XSS 106533 http://packetstormsecurity.com/files/126424/ XSS
Query Interface 1.1 - Multiple Unspecified Issues 106642 MULTI 1.2
Photo-Gallery - UploadHandler.php File Upload CSRF 106732 http://packetstormsecurity.com/files/126521/ CSRF
iMember360is 3.9.001 - XSS / Disclosure / Code Execution http://1337day.com/exploit/22184 MULTI 3.9.002
Acumbamail 1.0.4 - acumbamail.class.php callAPI() Function MitM Information Disclosure 106711 67220 http://www.securityfocus.com/bid/67220 UNKNOWN 1.0.4.1
TinyMCE Color Picker 1.1 - tinymce-colorpicker.php Color Saving CSRF 106854 58095 http://www.securityfocus.com/bid/67333 CSRF 1.2
TinyMCE Color Picker 1.1 - tinymce-colorpicker.php Missing edit_others_posts Capability Check 106854 58095 http://www.securityfocus.com/bid/67333 UNKNOWN 1.2
Contact Bank 2.0.19 - Multiple Unspecified Issues 106868 67334 UNKNOWN 2.0.20
Bonuspressx - ar_submit.php n Parameter XSS 106931 http://packetstormsecurity.com/files/126595/ XSS
Profile Builder 1.1.59 - front-end/wppb.recover.password.php Password Recovery Bypass 106986 58511 http://www.securityfocus.com/bid/67331 AUTHBYPASS 1.1.60
Basic Google Maps Placemarks 1.10.2 - settings.php Multiple Fields Stored XSS Weakness 107121 XSS 1.10.3
Simple Popup - popup.php z Parameter XSS 107294 2014-3921 http://packetstormsecurity.com/files/126763/ http://www.securityfocus.com/bid/67562 XSS
bib2html 0.9.3 - /OSBiB/create/index.php styleShortName Parameter XSS 107296 2014-3870 http://packetstormsecurity.com/files/126782/ http://www.securityfocus.com/bid/67589 XSS
Conversion Ninja - /lp/index.php id Parameter XSS 2014-4017 107297 http://packetstormsecurity.com/files/126781/ http://www.securityfocus.com/bid/67590 XSS
Cool Video Gallery 1.8 - admin/gallery-details.php Multiple Actions CSRF 107354 CSRF 1.9
Cool Video Gallery 1.8 - admin/gallery-manage.php Gallery Deletion CSRF 107355 CSRF 1.9
Cool Video Gallery 1.8 - admin/gallery-settings.php Gallery Settings Manipulation CSRF 107356 CSRF 1.9
Cool Video Gallery 1.8 - admin/gallery-sort.php Gallery Sort Order Manipulation CSRF 107357 CSRF 1.9
Cool Video Gallery 1.8 - admin/player-settings.php Player Settings Manipulation CSRF 107358 CSRF 1.9
Cool Video Gallery 1.8 - admin/plugin-uninstall.php Plugin Uninstallation CSRF 107359 CSRF 1.9
Cool Video Gallery 1.8 - admin/video-sitemap.php XML Video Sitemap Generation CSRF 107360 CSRF 1.9
Cool Video Gallery 1.8 - lib/core.php Multiple Actions CSRF 107361 CSRF 1.9
GTranslate 1.0.12 - gtranslate.php Widget Code Editing CSRF 107399 CSRF 1.0.13
World of Warcraft Armory Table 0.2.5 - WoWArmoryTable.php page Parameter Reflected XSS 107479 58596 http://www.securityfocus.com/bid/67628 XSS 0.2.6
Participants Database 1.5.4.8 - pdb-signup CSV_type Action query Parameter SQL Injection 107626 2014-3961 58816 http://www.exploit-db.com/exploits/33613 http://packetstormsecurity.com/files/126878/ http://www.securityfocus.com/bid/67769 http://www.securityfocus.com/bid/67938 SQLI 1.5.4.9
Popup Images - popup-images/popup.php z Parameter XSS 107627 http://packetstormsecurity.com/files/126872/ XSS
Centrora Security 3.2.1 - Multiple Admin Actions CSRF 107658 CSRF 3.3.0
Lively Chat Support 1.0.29 - Unspecified Issue 107689 UNKNOWN 1.0.30
Featured Comments 1.2.1 - wp-admin/admin-ajax.php Comment Status Manipulation CSRF 107844 2014-4163 https://security.dxw.com/advisories/csrf-in-featured-comments-1-2-1-allows-an-attacker-to-set-and-unset-comment-statuses/ http://www.securityfocus.com/bid/67955 http://packetstormsecurity.com/files/127023/ CSRF
wp-football 1.1 - templates/template_worldCup_preview.php league Parameter Reflected XSS 108336 http://codevigilant.com/disclosure/wp-plugin-wp-football-a3-cross-site-scripting-xss/ XSS
wp-football 1.1 - templates/template_default_preview.php league Parameter Reflected XSS 108337 http://codevigilant.com/disclosure/wp-plugin-wp-football-a3-cross-site-scripting-xss/ XSS
wp-football 1.1 - football_phases_list.php id Parameter Reflected XSS 108338 http://codevigilant.com/disclosure/wp-plugin-wp-football-a3-cross-site-scripting-xss/ XSS
wp-football 1.1 - football_matches_phase.php id Parameter Reflected XSS 108339 http://codevigilant.com/disclosure/wp-plugin-wp-football-a3-cross-site-scripting-xss/ XSS
wp-football 1.1 - football_matches_load.php id_league Parameter Reflected XSS 108340 http://codevigilant.com/disclosure/wp-plugin-wp-football-a3-cross-site-scripting-xss/ XSS
wp-football 1.1 - football_matches_list.php id Parameter Reflected XSS 108341 http://codevigilant.com/disclosure/wp-plugin-wp-football-a3-cross-site-scripting-xss/ XSS
wp-football 1.1 - football_groups_list.php id Parameter Reflected XSS 108342 http://codevigilant.com/disclosure/wp-plugin-wp-football-a3-cross-site-scripting-xss/ XSS
wp-football 1.1 - football-functions.php f Parameter Reflected XSS 108343 http://codevigilant.com/disclosure/wp-plugin-wp-football-a3-cross-site-scripting-xss/ XSS
wp-football 1.1 - football_criteria.php league Parameter Reflected XSS 108344 http://codevigilant.com/disclosure/wp-plugin-wp-football-a3-cross-site-scripting-xss/ XSS
wp-football 1.1 - football_classification.php league Parameter Reflected XSS 108345 http://codevigilant.com/disclosure/wp-plugin-wp-football-a3-cross-site-scripting-xss/ XSS
Member Approval 131109 - wp-admin/options-general.php Option Manipulation CSRF 107845 2014-3850 http://www.securityfocus.com/bid/67952 http://packetstormsecurity.com/files/127024/ CSRF
JW Player 2.1.2 - wp-admin/admin.php Player Deletion CSRF 2014-4030 107846 http://www.securityfocus.com/bid/67954 http://packetstormsecurity.com/files/127025/ CSRF
AdminOnline - download.php file Parameter Remote Path Traversal File Access 108024 http://packetstormsecurity.com/files/127046/ AUTHBYPASS
Ruven Toolkit 1.1 - tinymce/popup.php popup Parameter Reflected XSS 108312 XSS
Verification Code for Comments 2.1.0 - vcc.js.php Multiple Parameter Reflected XSS 108313 2014-4565 http://codevigilant.com/disclosure/wp-plugin-verification-code-for-comments-a3-cross-site-scripting-xss XSS
wpcb 2.4.8 - facture.php id Parameter Reflected XSS 108407 2014-4581 http://www.securityfocus.com/bid/68357 XSS
WP App Maker 1.0.16.4 - icons-launcher.php uid Parameter Reflected XSS 108408 2014-4578 XSS
wp-amasin-the-amazon-affiliate-shop 0.9.6 - reviews.php url Parameter Local File Inclusion 108501 2014-4577 LFI
Cross RSS 1.7 - proxy.php rss Parameter Local File Inclusion 108502 LFI
Hot Files < 1.0.0 - Cross-site scripting (XSS) vulnerability in tpls/editmedia.php 2014-4588 XSS
Yahoo Updates < 1.0 - XSS vulnerabilities in yupdates_application.php 2014-4603 http://codevigilant.com/disclosure/wp-plugin-yahoo-updates-for-wordpress-a3-cross-site-scripting-xss/ XSS
Toolpage 1.6.1 - XSS vulnerability in includes/getTipo.php 2014-4560 http://codevigilant.com/disclosure/wp-plugin-toolpage-a3-cross-site-scripting-xss/ XSS
Cloak and Encrypt < 2.0 - XSS vulnerability in go.php 2014-4563 http://codevigilant.com/disclosure/wp-plugin-url-cloak-encrypt-a3-cross-site-scripting-xss/ XSS
Validated < 1.0.2 - XSS vulnerability in check.php 108659 2014-4564 http://www.securityfocus.com/bid/68320 http://codevigilant.com/disclosure/wp-plugin-validated-a3-cross-site-scripting-xss/ XSS
Verwei.se WordPress Twitter < 1.0 2 - XSS vulnerability in res/fake_twitter/frame.php 2014-4566 http://codevigilant.com/disclosure/wp-plugin-verweise-wordpress-twitter-a3-cross-site-scripting-xss/ XSS
Easy Banners 1.4 - XSS vulnerability in wp-admin/options-general.php 108626 2014-4723 http://packetstormsecurity.com/files/127293/ http://www.securityfocus.com/bid/68281 XSS
Custom Banners plugin 1.2.2.2 - XSS vulnerability in custom_banners_registered_name parameter to wp-admin/options.php 108683 2014-4724 http://packetstormsecurity.com/files/127291/ http://www.securityfocus.com/bid/68279 XSS
Video Posts Webcam Recorder plugin < 1.55.4 - XSS vulnerability in posts/videowhisper/r_logout.php 2014-4568 http://codevigilant.com/disclosure/wp-plugin-video-posts-webcam-recorder-a3-cross-site-scripting-xss/ XSS
ZeenShare plugin < 1.0.1 - XSS vulnerability in redirect_to_zeenshare.php via the zs_sid parameter 2014-4606 http://codevigilant.com/disclosure/wp-plugin-zeenshare-a3-cross-site-scripting-xss/ XSS
ZdStatistics < 2.0.1 - XSS vulnerability in cal/test.php via the lang parameter 2014-4605 http://codevigilant.com/disclosure/wp-plugin-zdstats-a3-cross-site-scripting-xss/ XSS
Your Text Manager < 0.3.0 - XSS vulnerability in settings/pwsettings.php via the ytmpw parameter 2014-4604 http://codevigilant.com/disclosure/wp-plugin-your-text-manager-a3-cross-site-scripting-xss/ XSS
XEN Carousel < 0.12.2 - XSS vulnerabilities in xencarousel-admin.js.php via path or ajaxpath parameter 2014-4602 http://codevigilant.com/disclosure/wp-plugin-xen-carousel-a3-cross-site-scripting-xss/ XSS
WP Silverlight Media Player < 0.8 - XSS vulnerability in uploader.php via the post_id parameter 2014-4589 http://codevigilant.com/disclosure/wp-plugin-wp-media-player-a3-cross-site-scripting-xss/ XSS
WP Microblogs plugin < 0.4.0 - XSS vulnerability in get.php via the oauth_verifier parameter 2014-4590 http://codevigilant.com/disclosure/wp-plugin-wp-microblogs-a3-cross-site-scripting-xss/ XSS