exploit the possibilities
Showing 1 - 25 of 100 RSS Feed

Files

WordPress Contact Form To Email Plugin CSRF / XSS
Posted May 14, 2015
Authored by Ashiyane Digital Security Team

WordPress Contact Form To Email Plugin suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, csrf
MD5 | 80d72d61c11f1f3c99cabce220c21b34

Related Files

WordPress Contact Form 7 5.3.1 Shell Upload
Posted Dec 20, 2020
Authored by Ramon Vila Ferreres

WordPress Contact Form 7 plugin version 5.3.1 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | fb51b96b8a6834e0059bf0f53bbb280b
WordPress Contact Form Builder 1.0.67 CSRF / LFI
Posted Apr 22, 2019
Authored by Panagiotis Vagenas

WordPress Contact Form Builder plugin version 1.0.67 suffers from cross site request forgery and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, file inclusion, csrf
MD5 | f6686ff9fc966ce12dba21aec12aaeb0
WordPress Contact Form Maker 1.13.1 Cross Site Request Forgery
Posted Apr 4, 2019
Authored by Panagiotis Vagenas

WordPress Contact Form Maker plugin version 1.13.1 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 8c0bd2ff5a15ebfbedbed8b0189b5608
WordPress Contact Form Email 1.2.65 CSRF / Cross Site Scripting
Posted Feb 6, 2019
Authored by Tim Coen

WordPress Contact Form Email plugin version 1.2.65 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2019-9646
MD5 | a45930f318c3daf72f829b4afa303a37
WordPress Contact Form Maker 1.12.20 XSS / CSRF / SQL Injection
Posted Jun 7, 2018
Authored by DefenseCode, Neven Biruski

WordPress Contact Form Maker plugin versions 1.12.20 and below suffer from cross site scripting, cross site request forgery, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
MD5 | d08badfbc380bef4839f1e6faaf47b7e
WordPress Contact Form 7 To Database Extension 2.10.32 CSV Injection
Posted Mar 31, 2018
Authored by Stefan Broeder

WordPress Contact Form 7 to Database Extension plugin version 2.10.32 suffers from a CSV injection vulnerability.

tags | exploit
advisories | CVE-2018-9035
MD5 | d056556b41893a0bc49c21fed4a47543
WordPress WP Mobile Detector 3.5 Shell Upload
Posted Nov 3, 2017
Authored by h00die, Aaditya Purani | Site metasploit.com

WP Mobile Detector Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the /wp-content/plugins/wp-mobile-detector/resize.php script does contains a remote file include for files not cached by the system already. By uploading a .php file, the remote system will place the file in a user-accessible path. Making a direct request to the uploaded file will allow the attacker to execute the script with the privileges of the web server.

tags | exploit, remote, web, arbitrary, php
MD5 | 1d01dc001a0e9ab61957d22e50f28f0c
WordPress Contact Form 7 International SMS Integration 1.2 XSS
Posted Sep 7, 2017
Authored by M.R.S.L.Y

WordPress Contact Form 7 International SMS Integration plugin version 1.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 0b9ec0c731a198bb020a35fd2e3d8722
WordPress Contact Form 4.0.0 Cross Site Scripting
Posted Mar 3, 2017
Authored by Securify B.V., Julien Rentrop

WordPress Contact Form plugin version 4.0.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 9a02b786071ae7946b341084679559f2
WordPress Contact Form Manager CSRF / XSS
Posted Mar 3, 2017
Authored by Securify B.V., Edwin Molenaar

WordPress Contact Form Manager plugin suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 4987a2afdb93bc122ac36851c982c9ed
WordPress Contact Bank 2.1.21 Cross Site Scripting
Posted Aug 1, 2016
Authored by Yorick Koster, Securify B.V.

WordPress Contact Bank plugin version 2.1.21 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 8a5a6f6436586d9293d6d09294a7d296
WordPress Contact Form To Email 1.1.47 Cross Site Scripting
Posted Jul 25, 2016
Authored by Burak Kelebek

WordPress Contact Form to Email plugin version 1.1.47 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | c93c86885ecc45c0e71ea585934a0b17
WordPress Contact Form To DB 1.4.0 Cross Site Scripting
Posted Dec 17, 2015
Authored by Madhu Akula

WordPress Contact Form To DB plugin version 1.4.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 4271ccd36fc869cfa934bfe74b8bdb71
WordPress Contact Form 3.81 Cross Site Scripting
Posted Dec 17, 2015
Authored by Madhu Akula

WordPress Contact Form plugin version 3.81 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 433aae677f8c1ec05b070359a238bb0e
WordPress Contact Form Generator 2.0.1 CSRF
Posted Sep 5, 2015
Authored by Joaquin Ramirez Martinez

WordPress Contact Form Generator version 2.0.1 suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
systems | linux
MD5 | 4149fca7d0eeac186b44661f95677ab5
WordPress Contact Form DB 2.8.29 Cross Site Request Forgery
Posted Mar 4, 2015
Authored by Tom Adams

WordPress Contact Form DB plugin version 2.8.29 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2015-1874
MD5 | ad5faf62121a0565c077d72e64865f8d
WordPress Photo Gallery 1.2.5 Unrestricted File Upload
Posted Feb 12, 2015
Authored by Kacper Szurek | Site metasploit.com

Photo Gallery Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the photo-gallery\photo-gallery.php script allows access to filemanager\UploadHandler.php. The post() method in UploadHandler.php

tags | exploit, remote, arbitrary, php
advisories | CVE-2014-9312
MD5 | d5407ef3b9af0583a41aa80c37d5a6ae
WordPress WP EasyCart Unrestricted File Upload
Posted Feb 9, 2015
Authored by Kacper Szurek | Site metasploit.com

WordPress Shopping Cart (WP EasyCart) Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the /inc/amfphp/administration/banneruploaderscript.php script does not properly verify or sanitize user-uploaded files. By uploading a .php file, the remote system will place the file in a user-accessible path. Making a direct request to the uploaded file will allow the attacker to execute the script with the privileges of the web server. In versions 3.0.8 and below authentication can be done by using the WordPress credentials of a user with any role. In later versions, a valid EasyCart admin password will be required that is in use by any admin user. A default installation of EasyCart will setup a user called "demouser" with a preset password

tags | exploit, remote, web, arbitrary, php
MD5 | 3b4a1be7a90f5f76e744919a1666c4c8
WordPress Contact Form DB 2.8.26 Cross Site Scripting
Posted Feb 9, 2015
Authored by Morten Nortoft, Kenneth Jepsen, Mikkel Vej

WordPress Contact Form DB plugin version 2.8.26 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | fd418f1adab3041547aa1ac492442683
WordPress WP Symposium 14.11 Shell Upload
Posted Jan 12, 2015
Authored by Claudio Viviani | Site metasploit.com

WP Symposium Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the /wp-symposium/server/file_upload_form.php script does not properly verify or sanitize user-uploaded files. By uploading a .php file, the remote system will place the file in a user-accessible path. Making a direct request to the uploaded file will allow the attacker to execute the script with the privileges of the web server.

tags | exploit, remote, web, arbitrary, php
MD5 | 309dbdb413d8a101edf6ade1cf18c136
WordPress Contact Form DB 2.8.13 Cross Site Scripting
Posted Oct 10, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

WordPress Contact Form DB plugin version 2.8.13 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-7139
MD5 | cf4fe085fd044fb52226477f8f5ca213
WordPress Contact Form 7 3.5.3 Shell Upload
Posted Jan 31, 2014
Authored by MustLive

WordPress Contact Form 7 versions 3.5.3 and below suffer from a remote shell upload vulnerability.

tags | advisory, remote, shell
MD5 | 31d061b82323d1b6d271c09a577543ae
WordPress Contact Form 7 3.5.2 Shell Upload
Posted Nov 24, 2013
Authored by MustLive

WordPress Contact Form 7 versions 3.5.2 and below suffer from a remote shell upload vulnerability.

tags | advisory, remote, shell
MD5 | 55516c1a1338dea71b50286d5ab4cfc5
WordPress Contact Form 2.7.5 SQL Injection / Patch
Posted Oct 14, 2011
Authored by Skraps

WordPress Contact Form plugin versions 2.7.5 and below suffer from a remote SQL injection vulnerability. A patch is included.

tags | exploit, remote, sql injection
MD5 | 45618e3593eb3c3739b9db1eeab3c557
WordPress 3.1.2 Clickjacking
Posted Sep 22, 2011
Authored by Andrew Horton | Site security-assessment.com

WordPress versions 3.1.2 and below clickjacking exploit that was part of an OWASP presentation on September 20th, 2011 in Wellington, New Zealand.

tags | exploit
MD5 | 1688b6eaa86b161c91dd0d6b4158f460
Page 1 of 4
Back1234Next

File Archive:

January 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    4 Files
  • 2
    Jan 2nd
    3 Files
  • 3
    Jan 3rd
    3 Files
  • 4
    Jan 4th
    33 Files
  • 5
    Jan 5th
    31 Files
  • 6
    Jan 6th
    21 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    19 Files
  • 9
    Jan 9th
    1 Files
  • 10
    Jan 10th
    1 Files
  • 11
    Jan 11th
    33 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    27 Files
  • 14
    Jan 14th
    8 Files
  • 15
    Jan 15th
    16 Files
  • 16
    Jan 16th
    0 Files
  • 17
    Jan 17th
    0 Files
  • 18
    Jan 18th
    0 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close