Aditya Balapure

CVE-2012-6313 EXPLOITDB text WRITEUP

Simple Gmail Login < 1.1.4 - Unauthenticated Sensitive Information Exposure via Missing Timezone Parameter

simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 for WordPress allows remote attackers to obtain sensitive information via a request that lacks a timezone, leading to disclosure of the installation path in a stack trace.

View Code

CVE-2013-2501 EXPLOITDB text WORKING POC

terillion_reviews_plugin < 1.1 - Cross-Site Scripting via ProfileId Field

Cross-site scripting (XSS) vulnerability in the Terillion Reviews plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ProfileId field.

View Code

CVE-2012-6312 EXPLOITDB text WORKING POC

Video Lead Form plugin for WordPress - Cross-Site Scripting via errMsg Parameter

Cross-site scripting (XSS) vulnerability in the Video Lead Form plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter in a video-lead-form action to wp-admin/admin.php.

View Code