CVE-2017-1002025
Vulnerability in WordPress plugin add-edit-delete-listing-for-member-module v1.0. The plugin author does not sanitize user-supplied input received via $act before passing it into an SQL statement.
Source: CVE-2017-1002025
CVE-2017-1002001
Vulnerability in WordPress plugin mobile-app-builder-by-wappress v1.05. The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.
Source: CVE-2017-1002001
CVE-2017-1002017
Vulnerability in WordPress plugin gift-certificate-creator v1.0. The code in gc-list.php doesn’t sanitize user input to prevent a stored XSS vulnerability.
Source: CVE-2017-1002017
CVE-2017-1002003
Vulnerability in WordPress plugin wp2android-turn-wp-site-into-android-app v1.1.4. The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.
Source: CVE-2017-1002003
CVE-2017-1002018
Vulnerability in WordPress plugin eventr v1.02.2. The edit.php form and attendees.php code do not sanitize input, which allows blind SQL injection via the event parameter.
Source: CVE-2017-1002018
CVE-2017-1002005
Vulnerability in WordPress plugin DTracker v1.5. In the file ./dtracker/delete.php, user input supplied via the contact_id variable isn’t sanitized before it is added to the end of an SQL query.
Source: CVE-2017-1002005
CVE-2017-1002019
Vulnerability in WordPress plugin eventr v1.02.2. The edit.php form and event_form.php code do not sanitize input, which allows blind SQL injection via the event parameter.
Source: CVE-2017-1002019
CVE-2017-1002007
Vulnerability in WordPress plugin DTracker v1.5. The code in dtracker/save_mail.php doesn’t check that the user is authorized before inserting new contacts into the wp_contact table.
Source: CVE-2017-1002007
CVE-2017-1002020
Vulnerability in WordPress plugin surveys v1.01.8. The code in survey_form.php does not sanitize the action variable before placing it inside an SQL query.
Source: CVE-2017-1002020
CVE-2017-1002009
Vulnerability in WordPress plugin Membership Simplified v1.58. The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn’t sanitize user input supplied via recordId in the delete function.
Source: CVE-2017-1002009