Adrián M. F.

6 exploits Active since May 2015
CVE-2015-4064 EXPLOITDB text WRITEUP
Landing Pages < 1.8.4 - Authenticated SQL Injection via post Parameter
SQL injection vulnerability in modules/module.ab-testing.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the post parameter in an edit delete-variation action to wp-admin/post.php.
CVE-2015-4062 EXPLOITDB text WRITEUP
NewStatPress < 0.9.8 - Authenticated SQL Injection via where1 Parameter
SQL injection vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the where1 parameter in the nsp_search page to wp-admin/admin.php.
CVE-2015-4018 EXPLOITDB text WORKING POC
FeedWordPress < 2015.0514 - Authenticated SQL Injection via link_ids[] Parameter
SQL injection vulnerability in feedwordpresssyndicationpage.class.php in the FeedWordPress plugin before 2015.0514 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the link_ids[] parameter in an Update action in the syndication.php page to wp-admin/admin.php.
CVE-2015-4066 EXPLOITDB text WORKING POC
GigPress < 2.3.8 - Authenticated SQL Injection via show_artist_id or show_venue_id Parameter
Multiple SQL injection vulnerabilities in admin/handlers.php in the GigPress plugin before 2.3.9 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) show_artist_id or (2) show_venue_id parameter in an add action in the gigpress.php page to wp-admin/admin.php.
CVE-2015-4065 EXPLOITDB text WRITEUP
Landing Pages < 1.8.4 - Authenticated Cross-Site Scripting via Post Parameter
Cross-site scripting (XSS) vulnerability in shared/shortcodes/inbound-shortcodes.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the post parameter to wp-admin/post-new.php.
CVE-2015-4063 EXPLOITDB text WRITEUP
NewStatPress < 0.9.8 - Authenticated Cross-Site Scripting via where1 Parameter
Cross-site scripting (XSS) vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/admin.php.