Monthly Archive: September 2019

The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_location XSS. Date published : 2019-09-20 https://packetstormsecurity.com/files/134240/ https://wordpress.org/plugins/neuvoo-jobroll/#developers

The users-ultra plugin before 1.5.59 for WordPress has uultra-form-cvs-form-conf arbitrary file upload. Date published : 2019-09-20 https://seclists.org/bugtraq/2015/Nov/93 https://wordpress.org/plugins/users-ultra/#developers

The websimon-tables plugin through 1.3.4 for WordPress has wp-admin/tools.php edit_style id XSS. Date published : 2019-09-20 http://cinu.pl/research/wp-plugins/mail_ae9e4b6fefceaebd216ddcf003f88bdd.html https://wordpress.org/plugins/websimon-tables/#developers

The wordpress-meta-robots plugin through 2.1 for WordPress has wp-admin/post-new.php text SQL injection. Date published : 2019-09-20 http://cinu.pl/research/wp-plugins/mail_b31beb377f24e401c9ec44a0f331a174.html https://wordpress.org/plugins/wordpress-meta-robots/#developers

The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/graph_trend.php type SQL injection. Date published : 2019-09-20 http://cinu.pl/research/wp-plugins/mail_468b117b2dc86cb3d2ae4b8c81884a99.html https://wordpress.org/plugins/wp-stats-dashboard/#developers

The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php gcid SQL injection. Date published : 2019-09-20 http://cinu.pl/research/wp-plugins/mail_7ab7e224de198b2eda11dcb072d6bc8d.html https://wordpress.org/plugins/gocodes/#developers

The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php deletegc XSS. Date published : 2019-09-20 http://cinu.pl/research/wp-plugins/mail_7ab7e224de198b2eda11dcb072d6bc8d.html https://wordpress.org/plugins/gocodes/#developers

The auto-thickbox-plus plugin through 1.9 for WordPress has wp-content/plugins/auto-thickbox-plus/download.min.php?file= XSS. Date published : 2019-09-20 https://wordpress.org/plugins/auto-thickbox-plus/#developers https://wpvulndb.com/vulnerabilities/8344

The users-ultra plugin before 1.5.64 for WordPress has SQL Injection via an ajax action. Date published : 2019-09-20 https://seclists.org/bugtraq/2015/Dec/12 https://wordpress.org/plugins/users-ultra/#developers

The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=package_add_new to wp-admin/admin-ajax.php. Date published : 2019-09-20 https://wordpress.org/plugins/users-ultra/#developers https://wpvulndb.com/vulnerabilities/8350

The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_desc parameter. Date published : 2019-09-20 https://wordpress.org/plugins/users-ultra/#developers https://wpvulndb.com/vulnerabilities/8350

The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_name parameter. Date published : 2019-09-20 https://seclists.org/bugtraq/2015/Dec/13 https://wordpress.org/plugins/users-ultra/#developers

The yawpp plugin through 1.2.2 for WordPress has XSS via the field1 parameter. Date published : 2019-09-20 https://wordpress.org/plugins/yawpp/#developers https://wpvulndb.com/vulnerabilities/8351

The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wp_ajax functions are mishandled. Date published : 2019-09-20 https://security.szurek.pl/admin-management-xtended-240-privilege-escalation.html Admin Management Xtended