This is related to wp-admin/includes/ and wp-includes/.
The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has SQL Injection via the wp-admin/admin.php?page=forminator-entries entry parameter if the attacker has the delete permission.
The WP Fastest Cache plugin through 0.8.9.0 for WordPress allows remote attackers to delete arbitrary files because wp_postratings_clear_fastest_cache and rm_folder_recursively in wp Fastest mishandle ../ in an HTTP Referer header.
Incorrect access control in migla_ajax_in the Calmar Webmedia Total Donations plugin through 2.0.5 for WordPress allows unauthenticated attackers to update arbitrary WordPress option values, leading to site takeover.
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019.
A SQL injection vulnerability exists in the Imagely NextGEN Gallery plugin before 3.2.10 for WordPress.
Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via modules/nextgen_gallery_display/package.module.nextgen_gallery_
An XSS vulnerability in the "Email Subscribers & Newsletters" plugin 4.1.6 for WordPress allows an attacker to inject malicious JavaScript code through a publicly available subscription form using the esfpx_name wp-admin/ POST parameter. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS. The XSS results in administrative access, which allows arbitrary changes to files. These attackers can send requests to wp-admin/ to call the miglaA_update_me action to change arbitrary options on affected sites. This can be used to enable new user registration and set the default role for new users to Administrator.