|
273031
|
6.5 |
MEDIUM
Network
|
googmonify_project
|
googmonify
|
The googmonify plugin through 0.5.1 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=googmonify.php PID or AID parameter.
|
CWE-352
Origin Validation Error
|
CVE-2015-9427
|
2024-11-21 11:40 |
2019-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273032
|
4.6 |
MEDIUM
Network
|
manual_image_crop_project
|
manual_image_crop
|
The manual-image-crop plugin before 1.11 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=mic_editor_window postId parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2015-9426
|
2024-11-21 11:40 |
2019-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273033
|
5.4 |
MEDIUM
Network
|
byonepress
|
social_locker
|
The social-locker plugin before 4.2.5 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=opanda-item&page=license-manager-sociallocker-next licensekey parameter.
|
CWE-352
Origin Validation Error
|
CVE-2015-9425
|
2024-11-21 11:40 |
2019-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273034
|
6.5 |
MEDIUM
Network
|
doc4design
|
multicons
|
The multicons plugin before 3.0 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=multicons%2Fmulticons.php global_url or admin_url parameter.
|
CWE-352
Origin Validation Error
|
CVE-2015-9424
|
2024-11-21 11:40 |
2019-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273035
|
5.4 |
MEDIUM
Network
|
simplysymphony
|
plugnedit
|
The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load PlugneditBGColor, PlugneditEditorMargin, plugnedit…
|
CWE-79
Cross-site Scripting
|
CVE-2015-9423
|
2024-11-21 11:40 |
2019-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273036
|
6.5 |
MEDIUM
Network
|
simplysymphony
|
plugnedit
|
The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has CSRF with resultant XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load plugnedit_width, pnemedcount, …
|
CWE-352
Origin Validation Error
|
CVE-2015-9422
|
2024-11-21 11:40 |
2019-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273037
|
6.5 |
MEDIUM
Network
|
olevmedia
|
olevmedia_shortcodes
|
The olevmedia-shortcodes plugin before 1.1.9 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=omsc_popup id parameter.
|
CWE-352
Origin Validation Error
|
CVE-2015-9421
|
2024-11-21 11:40 |
2019-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273038
|
6.1 |
MEDIUM
Network
|
mightymess
|
soundcloud_is_gold
|
The soundcloud-is-gold plugin before 2.3.2 for WordPress has XSS via the wp-admin/admin-ajax.php?action=get_soundcloud_player id parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2015-9420
|
2024-11-21 11:40 |
2019-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273039
|
6.1 |
MEDIUM
Network
|
captain-slider_project
|
captain-slider
|
The captain-slider plugin 1.0.6 for WordPress has XSS via a Title or Caption section.
|
CWE-79
Cross-site Scripting
|
CVE-2015-9419
|
2024-11-21 11:40 |
2019-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273040
|
4.3 |
MEDIUM
Network
|
kibokolabs
|
watupro
|
The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows an attacker to delete quizzes.
|
CWE-352
Origin Validation Error
|
CVE-2015-9418
|
2024-11-21 11:40 |
2019-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
