All Vulnerabilities

WordPress Simple Membership Plugin Cross-Site Scripting Vulnerability
 Severity:    
 Date Published:  15 Sep 2016
A Cross-Site Scripting vulnerability was found in the Simple Membership WordPress Plugin. This vulnerability allows an attacker to perform a actions such as stealing Administrators' session tokens. An attacker has to lure the user into opening a malicious website to exploit this vulnerability.
WordPress Profile Builder Plugin Cross Site Scripting Vulnerability
 Severity:    
 Date Published:  15 Sep 2016
A Cross-Site Scripting vulnerability was found in the Profile Builder WordPress Plugin. This vulnerability allows an attacker to perform a actions such as stealing Administrators' session tokens. An attacker has to lure the user into opening a malicious website to exploit this vulnerability.
WordPress Peter's Login Redirect Plugin Cross Site Scripting Vulnerability
 Severity:    
 Date Published:  15 Sep 2016
A Cross Site Scripting vulnerability was found in the Peter's Login Redirect WordPress Plugin. This vulnerability allows an attacker to perform a actions such as stealing Administrators' session tokens. An attacker has to lure the user into opening a malicious website to exploit this vulnerability.
WordPress Paid Memberships Pro Plugin Cross Site Scripting Vulnerability
 Severity:    
 Date Published:  15 Sep 2016
A Cross Site Scripting vulnerability was found in the Paid Memberships Pro WordPress Plugin. This vulnerability allows an attacker to perform a actions such as stealing Administrators' session tokens. An attacker has to lure the user into opening a malicious website to exploit this vulnerability.
WordPress No External Links Plugin Cross Site Scripting Vulnerability
 Severity:    
 Date Published:  15 Sep 2016
A Cross Site Scripting vulnerability was found in the No External Links WordPress Plugin. This vulnerability allows an attacker to perform a actions such as stealing Administrators' session tokens. An attacker has to lure the user into opening a malicious website to exploit this vulnerability.
WordPress Ninja Forms Plugin Multiple Cross Site Scripting Vulnerabilities
 Severity:    
 Date Published:  15 Sep 2016
Multiple reflected Cross Site Scripting (XSS) vulnerabilities have been found in the Ninja Forms WordPress Plugin. An attacker can exploit this vulnerability by inserting malicious JavaScript into the browser application.
WordPress Master Slider Plugin Cross Site Scripting Vulnerability
 Severity:    
 Date Published:  15 Sep 2016
A Cross-Site Scripting vulnerability was found in the Master Slider WordPress Plugin. This vulnerability allows an attacker to perform a actions such as stealing Administrators' session tokens. An attacker has to lure the user into opening a malicious website to exploit this vulnerability.
WordPress Google Forms Plugin Cross Site Scripting Vulnerability
 Severity:    
 Date Published:  15 Sep 2016
A Cross-Site Scripting vulnerability was found in the Google Forms Plugin WordPress Plugin. This vulnerability allows an attacker to perform a actions such as stealing Administrators' session tokens. An attacker has to lure the user into opening a malicious website to exploit this vulnerability.
Symfony 2.0.x before 2.0.20 does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string.
Symfony HttpCache Class Remote Code Execution Vulnerability (CVE-2015-2308)
 Severity:    
 Date Published:  15 Sep 2016
Eval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x before 2.3.27, 2.4.x and 2.5.x before 2.5.11, and 2.6.x before 2.6.6 allows remote attackers to execute arbitrary PHP code via a language="php" attribute of a SCRIPT element.

Featured Stories