CVE-2017-1002021
Vulnerability in WordPress plugin surveys v1.01.8: the code in individual_responses.php does not sanitize the survey_id variable before placing it inside an SQL query.
Source: CVE-2017-1002021
CVE-2017-1002011
Vulnerability in WordPress plugin image-gallery-with-slideshow v1.5.2: there is a stored XSS vulnerability via $value->gallery_name and $value->gallery_description, where anyone with privileges to modify or add galleries/images can inject JavaScript into the database.
Source: CVE-2017-1002011
CVE-2017-1002000
Vulnerability in WordPress plugin mobile-friendly-app-builder-by-easytouch v3.0: the code in file ./mobile-friendly-app-builder-by-easytouch/server/images.php doesn’t require authentication or check that the user is allowed to upload content.
Source: CVE-2017-1002000
CVE-2017-1002013
Vulnerability in WordPress plugin image-gallery-with-slideshow v1.5.2: blind SQL injection via the imgid parameter in image-gallery-with-slideshow/admin_setting.php.
Source: CVE-2017-1002013
CVE-2017-1002002
Vulnerability in WordPress plugin webapp-builder v2.0: the plugin includes unlicensed vulnerable CMS software from http://www.invedion.com/
Source: CVE-2017-1002002
CVE-2017-1002015
Vulnerability in WordPress plugin image-gallery-with-slideshow v1.5.2: blind SQL injection in image-gallery-with-slideshow/admin_setting.php via the selectMulGallery parameter.
Source: CVE-2017-1002015
CVE-2017-1002004
Vulnerability in WordPress plugin DTracker v1.5: in file ./dtracker/download.php, user input via the id variable isn’t sanitized before being added to the end of an SQL query.
Source: CVE-2017-1002004
CVE-2017-1002010
Vulnerability in WordPress plugin Membership Simplified v1.58: the code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn’t sanitize user input via recordId in the delete_media function.
Source: CVE-2017-1002010
CVE-2017-1002006
Vulnerability in WordPress plugin DTracker v1.5: the code in dtracker/save_contact.php doesn’t check that the user is authorized before injecting new contacts into the wp_contact table.
Source: CVE-2017-1002006
CVE-2017-1002014
Vulnerability in WordPress plugin image-gallery-with-slideshow v1.5.2: blind SQL injection in image-gallery-with-slideshow/admin_setting.php via the gallery_name parameter.
Source: CVE-2017-1002014