WordPress Contact Form To Email Plugin suffers from cross site request forgery and cross site scripting vulnerabilities.
80d72d61c11f1f3c99cabce220c21b34
WordPress Contact Form 7 plugin version 5.3.1 suffers from a remote shell upload vulnerability.
fb51b96b8a6834e0059bf0f53bbb280b
WordPress Contact Form Builder plugin version 1.0.67 suffers from cross site request forgery and local file inclusion vulnerabilities.
f6686ff9fc966ce12dba21aec12aaeb0
WordPress Contact Form Maker plugin version 1.13.1 suffers from a cross site request forgery vulnerability.
8c0bd2ff5a15ebfbedbed8b0189b5608
WordPress Contact Form Email plugin version 1.2.65 suffers from cross site request forgery and cross site scripting vulnerabilities.
a45930f318c3daf72f829b4afa303a37
WordPress Contact Form Maker plugin versions 1.12.20 and below suffer from cross site scripting, cross site request forgery, and remote SQL injection vulnerabilities.
d08badfbc380bef4839f1e6faaf47b7e
WordPress Contact Form 7 to Database Extension plugin version 2.10.32 suffers from a CSV injection vulnerability.
d056556b41893a0bc49c21fed4a47543
WP Mobile Detector Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the /wp-content/plugins/wp-mobile-detector/resize.php script contains a remote file include for files not already cached by the system. By uploading a .php file, the remote system will place the file in a user-accessible path. Making a direct request to the uploaded file will allow the attacker to execute the script with the privileges of the web server.
1d01dc001a0e9ab61957d22e50f28f0c
WordPress Contact Form 7 International SMS Integration plugin version 1.2 suffers from a cross site scripting vulnerability.
0b9ec0c731a198bb020a35fd2e3d8722
WordPress Contact Form plugin version 4.0.0 suffers from a cross site scripting vulnerability.
9a02b786071ae7946b341084679559f2
WordPress Contact Form Manager plugin suffers from cross site request forgery and cross site scripting vulnerabilities.
4987a2afdb93bc122ac36851c982c9ed
WordPress Contact Bank plugin version 2.1.21 suffers from a cross site scripting vulnerability.
8a5a6f6436586d9293d6d09294a7d296
WordPress Contact Form to Email plugin version 1.1.47 suffers from a cross site scripting vulnerability.
c93c86885ecc45c0e71ea585934a0b17
WordPress Contact Form To DB plugin version 1.4.0 suffers from a cross site scripting vulnerability.
4271ccd36fc869cfa934bfe74b8bdb71
WordPress Contact Form plugin version 3.81 suffers from a cross site scripting vulnerability.
433aae677f8c1ec05b070359a238bb0e
WordPress Contact Form Generator version 2.0.1 suffers from multiple cross site request forgery vulnerabilities.
4149fca7d0eeac186b44661f95677ab5
WordPress Contact Form DB plugin version 2.8.29 suffers from a cross site request forgery vulnerability.
ad5faf62121a0565c077d72e64865f8d
Photo Gallery Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the photo-gallery\photo-gallery.php script allows access to filemanager\UploadHandler.php. The post() method in UploadHandler.php
d5407ef3b9af0583a41aa80c37d5a6ae
WordPress Shopping Cart (WP EasyCart) Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the /inc/amfphp/administration/banneruploaderscript.php script does not properly verify or sanitize user-uploaded files. By uploading a .php file, the remote system will place the file in a user-accessible path. Making a direct request to the uploaded file will allow the attacker to execute the script with the privileges of the web server. In versions 3.0.8 and below, authentication can be done by using the WordPress credentials of a user with any role. In later versions, a valid EasyCart admin password that is in use by any admin user will be required. A default installation of EasyCart will set up a user called "demouser" with a preset password
3b4a1be7a90f5f76e744919a1666c4c8
WordPress Contact Form DB plugin version 2.8.26 suffers from a cross site scripting vulnerability.
fd418f1adab3041547aa1ac492442683
WP Symposium Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the /wp-symposium/server/file_upload_form.php script does not properly verify or sanitize user-uploaded files. By uploading a .php file, the remote system will place the file in a user-accessible path. Making a direct request to the uploaded file will allow the attacker to execute the script with the privileges of the web server.
309dbdb413d8a101edf6ade1cf18c136
WordPress Contact Form DB plugin version 2.8.13 suffers from a cross site scripting vulnerability.
cf4fe085fd044fb52226477f8f5ca213
WordPress Contact Form 7 versions 3.5.3 and below suffer from a remote shell upload vulnerability.
31d061b82323d1b6d271c09a577543ae
WordPress Contact Form 7 versions 3.5.2 and below suffer from a remote shell upload vulnerability.
55516c1a1338dea71b50286d5ab4cfc5
WordPress Contact Form plugin versions 2.7.5 and below suffer from a remote SQL injection vulnerability. A patch is included.
45618e3593eb3c3739b9db1eeab3c557
WordPress versions 3.1.2 and below clickjacking exploit that was part of an OWASP presentation on September 20th, 2011 in Wellington, New Zealand.
1688b6eaa86b161c91dd0d6b4158f460