Updating advanced guestbook 2 3 4
This is related to wp-admin/includes/ and wp-includes/

The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has SQL Injection via the wp-admin/admin.php?page=forminator-entries entry parameter if the attacker has the delete permission.

By querying the 'users' Root Query, it is possible for an unauthenticated attacker to retrieve all WordPress user details such as email address, role, and username.

The FV Flowplayer Video Player plugin before 126.96.36.1997 for WordPress allows guests to obtain the email subscription list in CSV format via the wp-admin/admin-post.php?

The mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products Price Bulk Edit) plugin 2.0 for WordPress allows XSS via the wp-admin/admin-ajax.php?

An Arbitrary File Deletion vulnerability in the Nevma Adaptive Images plugin before 0.6.67 for WordPress allows remote attackers to delete arbitrary files via the $_REQUEST['adaptive-images-settings'] parameter in

A Local File Inclusion vulnerability in the Nevma Adaptive Images plugin before 0.6.67 for WordPress allows remote attackers to retrieve arbitrary files via the $_REQUEST['adaptive-images-settings']['source_file'] parameter in

WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?

cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the intended price.

WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg? An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata.

In the Parallax Scroll (aka adamrob-parallax-scroll) plugin before 2.1 for WordPress, includes/ allows XSS via the title text.
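The two WordPress core entries above (the wp_crop_image() path traversal and the _wp_attached_file RCE) share one root cause: a stored filename that is later treated as a path without being confined to the uploads directory. The following Python is an added example, not WordPress code or its patch; it models a destination-path check for an attacker-influenced attachment name. The base directory, the extension allow-list and the sample inputs are constructed for the illustration.

```python
import posixpath

# Constructed base directory standing in for wp-content/uploads (assumption).
UPLOAD_BASE = "/var/www/wp-content/uploads"
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif"}


def safe_crop_destination(attached_file: str, base: str = UPLOAD_BASE):
    """Return the absolute output path for a cropped image, or None when the
    stored attachment name must be rejected.

    `attached_file` models the _wp_attached_file post meta value from which a
    crop destination is derived. The checks below are this example's own
    hardening, not the WordPress fix."""
    # 1. A '?' lets the name end in ".jpg" while the remainder after the '?'
    #    carries ../ sequences or a .php suffix; reject it outright, as well
    #    as NUL bytes that truncate paths in C-backed file APIs.
    if "?" in attached_file or "\0" in attached_file:
        return None
    # 2. The stored name must be relative and free of traversal components.
    parts = attached_file.split("/")
    if attached_file.startswith("/") or any(p in ("", ".", "..") for p in parts):
        return None
    # 3. The final extension must be one the crop routine is allowed to write.
    _, ext = posixpath.splitext(parts[-1])
    if ext.lower() not in IMAGE_EXTS:
        return None
    # 4. Canonicalise and confirm the result still lies under the uploads root.
    root = base.rstrip("/")
    dest = posixpath.normpath(posixpath.join(root, attached_file))
    if not dest.startswith(root + "/"):
        return None
    return dest


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate name, three hostile ones.
    for name in ("2019/02/photo.jpg",
                 "evil.jpg?/../../../../themes/evil.jpg",
                 "../../wp-config.php",
                 "2019/02/evil.jpg?shell.php"):
        print(repr(name), "->", safe_crop_destination(name))
```

The '?' rejection is deliberately blunt: a legitimate upload never needs one in its stored name, and refusing it removes the whole class of "image-looking prefix, hostile suffix" values rather than trying to parse them.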
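The cmd=_cart amount-tampering entry above comes down to the merchant trusting a client-supplied amount_N value. As an added example (Python, not the plugin's code), the block below parses a PayPal-style cart upload body and recomputes every line from a server-side catalog, so a lowered amount_1 is detected instead of charged. The catalog, SKUs and request bodies are constructed for the illustration.

```python
from decimal import Decimal
from urllib.parse import parse_qs

# Constructed server-side catalog (assumption): the only prices to trust.
CATALOG = {"SKU-100": Decimal("49.99"), "SKU-200": Decimal("5.00")}


def parse_cart_request(body: str):
    """Parse a cmd=_cart form body into (item_number, amount, quantity)
    tuples, one per numbered parameter set (amount_1, amount_2, ...)."""
    q = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    if q.get("cmd") != "_cart":
        raise ValueError("not a cart upload")
    items = []
    n = 1
    while f"amount_{n}" in q:
        items.append((q.get(f"item_number_{n}"),
                      Decimal(q[f"amount_{n}"]),
                      int(q.get(f"quantity_{n}", "1"))))
        n += 1
    return items


def verify_cart_amounts(body: str, catalog=CATALOG):
    """Return (ok, expected_total).

    ok is False when any client-supplied amount disagrees with the catalog
    price, the SKU is unknown, or the quantity is not positive. expected_total
    is rebuilt purely from server-side prices, which is the value a merchant
    should compare against what was actually paid."""
    expected = Decimal("0")
    ok = True
    for sku, amount, qty in parse_cart_request(body):
        price = catalog.get(sku)
        if price is None or qty < 1 or amount != price:
            ok = False
        expected += (price or Decimal("0")) * max(qty, 0)
    return ok, expected


if __name__ == "__main__":
    # Constructed request bodies: honest checkout and a tampered amount_1.
    honest = "cmd=_cart&upload=1&item_number_1=SKU-100&amount_1=49.99&quantity_1=1"
    tampered = "cmd=_cart&upload=1&item_number_1=SKU-100&amount_1=0.01&quantity_1=1"
    print(verify_cart_amounts(honest))
    print(verify_cart_amounts(tampered))
```

Decimal is used rather than float so that a price comparison never fails or passes because of binary rounding; the same rule applies when matching a payment notification's gross amount against the order total.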