Channel: MondoUnix » SQL INJECTION
Browsing latest articles
Browse All 162 View Live

WordPress Booking Calendar Contact Form 1.0.2 XSS / SQL Injection

# Exploit Title: WordPress Booking Calendar Contact Form 1.0.2[Multiple vulnerabilities] # Date: 2015-05-01 # Google Dork: Index of /wordpress/wp-content/plugins/booking-calendar-contact-form/ #...



WordPress Media File Manager Advanced 1.1.5 XSS / SQL Injection

Description: "media-file-manager-advanced" suffers from executing administrator actions by any authenticated user due to weak permissions checking. An attacker can delete/update posts,...



WordPress NewStatPress 0.9.8 Cross Site Scripting / SQL Injection

# Title: Multiple vulnerabilities in WordPress plugin "NewStatPress" # Author: Adrián M. F. - adrimf85[at]gmail[dot]com # Date: 2015-05-25 # Vendor Homepage:...


WordPress easy2map 1.24 SQL Injection

Title: SQL Injection in easy2map wordpress plugin v1.24 Author: Larry W. Cashdollar, @_larry0 Date: 2015-06-08 Download Site: https://wordpress.org/plugins/easy2map Vendor: Steven Ellis Vendor...


WordPress Easy2Map-Photos 1.09 SQL Injection

Title: SQL Injection in easy2map-photos wordpress plugin v1.09 Author: Larry W. Cashdollar, @_larry0 Date: 2015-06-08 Download Site: https://wordpress.org/plugins/easy2map-photos Vendor: Steven Ellis...



WordPress CP Contact Form With Paypal 1.1.5 CSRF / XSS / SQL Injection

# Title: Cross-Site Request Forgery, Cross-Site Scripting and SQL Injection in CP Contact Form with Paypal Wordpress Plugin v1.1.5 # Submitter: Nitin Venkatesh # Product: CP Contact Form with Paypal...


Joomla J2Store 3.1.6 SQL Injection

J2Store v3.1.6, a Joomla! extension that adds basic store functionality to a Joomla! instance, suffered from two unauthenticated boolean-blind and error-based SQL injection vulnerabilities. Since...


WordPress WP-PowerPlayGallery 3.3 File Upload / SQL Injection

Title: Remote file upload vulnerability & SQLi in wordpress plugin wp-powerplaygallery v3.3 Author: Larry W. Cashdollar, @_larry0 Date: 2015-06-27 Download Site:...



Joomla Docman Path Disclosure / Local File Inclusion

# Joomla docman Component 'com_docman' Full Path Disclosure(FPD) & Local File Disclosure/Include(LFD/LFI) # CWE: CWE-200(FPD) CWE-98(LFI/LFD) # Risk: High # Author: Hugo Santiago dos Santos #...



WordPress Count Per Day 3.4 SQL Injection

Advisory ID: HTB23267 Product: Count Per Day WordPress plugin Vendor: Tom Braider Vulnerable Version(s): 3.4 and probably prior Tested Version: 3.4 Advisory Publication: July 1, 2015 [without...


WordPress Unite Gallery Lite 1.4.6 CSRF / SQL Injection

# Title: Cross-Site Request Forgery & SQL Injection Vulnerabilities in Unite Gallery Lite Wordpress Plugin v1.4.6 # Submitter: Nitin Venkatesh # Product: Unite Gallery Lite Wordpress Plugin #...


Joomla JNews SQL Injection

# Description of the component: Reach, engage and delight more customers with newsletters, auto-responders or campaign management....


WordPress Pie Register 2.0.18 SQL Injection

Details ================ Software: Pie Register Version: 2.0.18 Homepage: https://github.com/GTSolutions/Pie-Register CVE: CVE-2015-7682 (Pending) CVSS: 3.5 (Low; AV:N/AC:M/Au:S/C:P/I:N/A:N) CWE:...



WP Fastest Cache 0.8.4.8 Blind SQL Injection

# Exploit Title: WP Fastest Cache 0.8.4.8 Blind SQL Injection # Date: 11-11-2015 # Software Link: https://wordpress.org/plugins/wp-fastest-cache/ # Exploit Author: Kacper Szurek # Contact:...


Joomla Content History SQL Injection Remote Code Execution

## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ##   require 'msf/core'   class Metasploit3 <...

