All Vulnerabilities

The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles proxy discovery, which allows remote attackers to redirect network traffic via unspecified vectors, aka "Windows WPAD Proxy Discovery Elevation of Privilege Vulnerability".

NetBIOS Name Service (NBNS) is a broadcast UDP protocol for name resolution commonly used in Windows environment. WPAD protocol falls back to NBNS when it can't resolve the IP of WPAD server with DHCP and DNS. An attacker can spoof the WPAD NBNS response with malicious IP.

A cross-site scripting (XSS) vulnerability exists in Yoast plugin, used in WordPress, allow remote attackers to execute same-origin JavaScript functions via crafted parameter.

A persistent Cross Site Scripting (XSS) vulnerability has been found in the WooCommerce WordPress Plugin. An attacker can create a specially crafted image file which, when uploaded as a product image in WordPress, injects malicious JavaScript code into the application. An attacker can use this vulnerability to perform a wide variety of actions, such as stealing victims' session tokens or login credentials, and performing arbitrary actions on their behalf.

A cross-site scripting (XSS) vulnerability exists in WangGuard plugin, used in WordPress, allow remote attackers to execute same-origin JavaScript functions via crafted parameter.

A cross-site scripting (XSS) vulnerability exists in WordPress Uji plugin, allow remote attackers to execute same-origin JavaScript functions via crafted parameter. A successful attack could lead sensitive information disclosure.

A cross-site scripting (XSS) vulnerability exists in Landing Pages plugin, used in WordPress, allow remote attackers to execute same-origin JavaScript functions via crafted parameter.

A cross-site scripting (XSS) vulnerability exists in FormBuilder plugin, allow remote attackers to execute same-origin JavaScript functions via crafted parameter.

A cross-site scripting (XSS) vulnerability exists in Count Per Day plugin, used in WordPress, allow remote attackers to execute same-origin JavaScript functions via crafted parameter.

WordPress Core is prone to a directory traversal vulnerability. A successful exploit of this vulnerability could allow attackers to read arbitrary files on the computer.