This Metasploit module will scan given instances for an unauthenticated SQL injection within the CP Multi-View Calendar plugin v1.1.4 for Wordpress.
fa6f1e6bbb90332533f804d4e77a327f326adf3a7cc5346e615c88d7f2bcfa34Osticket versions 1.9.14 and below X-Forwarded-For stored cross site scripting exploit.
b66c370fc7160510f1cbf0686a458267815c6fa6241fc5b5c7ce5afeefd4eb0cWordPress Ultimate Product Catalog plugin versions 3.9.8 and below suffer from a remote unauthenticated blind SQL injection vulnerability.
5bacab668e9242da4ccd6ac7578697bc74b3ca2afbaf088e2ffe1dba9f652000WordPress Ultimate Product Catalog plugin version 3.8.6 suffers from a remote shell upload vulnerability.
d5d2b6345ca7d0fde8061b241864354a010b8de0d20146ab1dc71c6e78336944WordPress Ultimate Product Catalog plugin versions 3.8.1 and below suffer from a privilege escalation vulnerability.
26e16b8111d6776a483b80f13ec222d56319239cdae60821e333d1e54f5b61b3WordPress CP Polls plugin version 1.0.8 suffers from cross site request forgery and cross site scripting vulnerabilities.
8357ac1b88e48568e0b75ab46fc3e37b7f7e2fde665a9af49dcfbd05f7f0ab9cWordPress CP Polls plugin version 1.0.8 suffers from a persistent cross site scripting vulnerability via file upload.
d0f470351ed56ed98b3366f515a352e352454d550d37a38d55acee54f832d7aaWordPress CP Polls plugin version 1.0.8 suffers from a cross site request forgery vulnerability that can be leveraged to turn a file download into a malicious .bat file.
d8a74ea935cf5527d08c2a6c2e256129ed3fa98c0b377e27197ba096ef05423fWordPress Calculated Fields Form plugin versions 1.0.x and below suffer from Http_only bypass and session hijacking vulnerabilities.
22fd62241b10270dd006f36d68ce4d0d900367987d8d02ce551d856593396accWordPress Booking Calendar Contact Form plugin versions 1.0.23 and below suffer from a remote shortcode blind SQL injection vulnerability.
5fdf0d12745eb82122b684978ff9da6bac77512d66850264e4f39fc6976659e2WordPress Booking Calendar Contact Form plugin versions 1.0.23 and below suffer from a remote blind SQL injection vulnerability.
2c080314815d4e1cf1599a8ace07706654eb3a1b321b31a066141c15d3ce6fecWordPress Booking Calendar Contact Form plugin versions 1.0.23 and below suffer from cross site request forgery and cross site scripting vulnerabilities.
d37af5a71fee96889b46f17bc669c474a3edc49eef29a361d9f2f3e73f19dd78WordPress Appointment Booking Calendar plugin version 1.1.24 suffers from a remote SQL injection through addslashes.
f50b726fd5aa53e19ad3f34f743c544fe51d0489b26fd23bee63b91da753dcccWordPress Appointment Booking Calendar plugin versions 1.1.24 and below suffer from privilege escalation and cross site scripting vulnerabilities.
b8ef07d7c19363e2128f8f09d9ae5133d90fd0610c5195d1948cf38e3f39ac69WordPress Appointment Booking Calendar plugin versions 1.1.23 and below suffer from a shortcode remote SQL injection vulnerability.
0c5cdf3268781bb2f238da8e18318c0012ae4af07a426704ca51e73453e1392dWordPress Appointment Booking Calendar plugin versions 1.1.23 and below suffer from a remote SQL injection vulnerability.
1223ee97734c6256c00d7dc70bc97125ea8a4133dd63c31e98cdf921ed556c1eWordPress Contact Form Generator version 2.0.1 suffers from multiple cross site request forgery vulnerabilities.
1e996c213120613613563f4cd899c0f0986297751b82de9c0216816f2b0fac21WordPress Booking Calendar Contact Form plugin version 1.0.2 suffers from cross site scripting and remote SQL injection vulnerabilities.
634d97d85a3a0669c521ef17cf7084d41acd83e7ce20d66da98dcc013771b672
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed