phpMyFAQ version 2.9.0 suffers from a persistent cross site scripting vulnerability.
689de19daf66f0242804f0df49c4ccacb8627d0a227c57d7faf13fa652c312e3
WordPress Double Opt-In for Download plugin version 2.0.9 suffers from a remote SQL injection vulnerability.
0226b1b453f118f1f711f249c36c8f3895903e6f6bf4839c1156a436f8b476ed
Tiny Tiny RSS suffers from a remote blind SQL injection vulnerability.
234ab4e2f028e31495353f74411342081e06baeaa0ecb8070c1e52a9482835b8
WordPress Simple Ads Manager plugin version 2.9.4.116 suffers from a remote SQL injection vulnerability.
c3225024050bfa8485a3aa261ef44cdbf1842789ed7f02486760b470ce90f477
WordPress Admin Management Xtended plugin version 2.4.0 suffers from a privilege escalation vulnerability.
9b362b9ab07bf2eed14ac27b13523e29a163c28f80ec38b876dcdb55af0d6696
WordPress WP Fastest Cache plugin version 0.8.4.8 suffers from a remote blind SQL injection vulnerability.
6aaa25369dc28e64c704e16742bd0b7ed07bbfcf0895809f6c442cf2f847c015
WordPress Video Gallery plugin version 2.7 suffers from a remote SQL injection vulnerability.
2f2343418b44a8cbf6e32ee30a625bddcc69622f5d3abcc9f76b1fdbd3675567
FreiChat version 9.6 suffers from a remote SQL injection vulnerability.
340c717fd761abf304ec7c246e204eb9f11ad8a6f4c06aabb383e69a76994e3a
WordPress Floating Social Bar version 1.1.5 suffers from a cross site scripting vulnerability.
e3d25f5373a83dae455e18baf666848ac55bb72a48e1200252f0f83bc659910d
Pluck CMS version 4.7.2 suffers from a directory traversal vulnerability.
7c7078ee34086c1d03364e33d9933840fb1aa284905363a1dd5744811240593f
WordPress Shareaholic plugin version 7.6.0.3 suffers from a cross site scripting vulnerability.
997d301bcb1116b79c1053692c79b280561e1e4b1955e5e2bd58e3055a40aadc
WordPress Marketplace plugin version 2.4.0 add administrator exploit that leverages a vulnerability that allows an attacker to execute any php function unauthenticated.
ac59d4a9526b37f10ef94defac072ade2a47ac7bfca88a79255e93f826142f61
WordPress Marketplace version 2.4.0 suffers from an arbitrary file download vulnerability.
ff5c9bca6be4f917e44ba3f43280d1887e3442049bcb78dc75cd7e35100af664
Codoforum version 2.5.1 suffers from an arbitrary file download vulnerability.
2511ecea404416465ad294b78f8909c3c96ecbc68f034d3db2a6724194814c4d
WordPress Download Manager plugin version 2.7.2 suffers from a privilege escalation vulnerability.
532e5c85161b48d4be5a0eb89931a07b27372c263c1bbdbc5744cd1861be2d21
WordPress Duplicator plugin version 0.5.8 suffers from a backup related vulnerability that allows for privilege escalation.
2686c6ec8e9b41b2a83e9491f36cd0847817a7f345ec9514fe10d88a6c1b1be1
Photo Gallery Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the photo-gallery\photo-gallery.php script allows access to filemanager\UploadHandler.php. The post() method in UploadHandler.php
f02ad987ed7f1dad396989d5468e155f2bca868059ecd59d3ac73240b22cd297
WordPress Shopping Cart (WP EasyCart) Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the /inc/amfphp/administration/banneruploaderscript.php script does not properly verify or sanitize user-uploaded files. By uploading a .php file, the remote system will place the file in a user-accessible path. Making a direct request to the uploaded file will allow the attacker to execute the script with the privileges of the web server. In versions 3.0.8 and below authentication can be done by using the WordPress credentials of a user with any role. In later versions, a valid EasyCart admin password will be required that is in use by any admin user. A default installation of EasyCart will setup a user called "demouser" with a preset password
0495c750468ab31d70256f4e711a288852e5ea85871a98e83de8ce2b6b4ee15d
Chamilo LMS version 1.9.8 suffers from remote blind SQL injection and cross site request forgery vulnerabilities.
ec57fb93efd3c6b7a858d17d03b5e0c158f84d570f58b7291ec988c1509bc7de
Photo Gallery version 1.2.5 suffers from a remote shell upload vulnerability.
cccaa6d7d8925aad8a70eeff4842b9b5c3c554891b45ac03b8d34ce6dcd33cff
WordPress Shopping Cart plugin version 3.0.4 suffers from a remote unrestricted file upload vulnerability.
03ffee15380538723ae5cfad12dd43da2119095c9012a3d59aa6577b8e1a8c0e
miniBB version 3.1 suffers from a remote blind SQL injection vulnerability.
e5da1d18bf539a350dd613c18592c5f2c52ece3839b3a480990d86cd2ceb3e87
Cart66 Lite WordPress Ecommerce version 1.5.1.17 suffers from a remote blind SQL injection vulnerability.
4fb05eedaa532058269bb78223e35bd39148a0c67cf0e6bb0632b20abde31ce7
Paid Memberships Pro version 1.7.14.2 suffers from a path traversal vulnerability.
4e6d1b287ebd0d181c3762de6568c6062d1da3e10e5905bef16c7bcb93e2e928