CVE-2015-9333
The cforms2 plugin before 14.6.10 for WordPress has SQL injection.
Source: CVE-2015-9333
CVE-2016-10920
The gnucommerce plugin before 0.5.7-BETA for WordPress has XSS.
Source: CVE-2016-10920
CVE-2013-7479
The events-manager plugin before 5.3.9 for WordPress has XSS in the search form field.
Source: CVE-2013-7479
CVE-2013-7480
The events-manager plugin before 5.3.6.1 for WordPress has XSS via the booking form and admin areas.
Source: CVE-2013-7480
CVE-2013-7481
The contact-form-plugin plugin before 3.3.5 for WordPress has XSS.
Source: CVE-2013-7481
CVE-2016-10919
The wassup plugin before 1.9.1 for WordPress has XSS via the Top stats widget or the wassupURI::add_siteurl method, a different vulnerability than CVE-2012-2633.
Source: CVE-2016-10919
CVE-2016-10917
The search-everything plugin before 8.1.6 for WordPress has SQL injection related to empty search strings, a different vulnerability than CVE-2014-2316.
Source: CVE-2016-10917
CVE-2013-7478
The events-manager plugin before 5.5 for WordPress has XSS via EM_Ticket::get_post.
Source: CVE-2013-7478
CVE-2009-5158
The google-analyticator plugin before 5.2.1 for WordPress has insufficient HTML sanitization for Google Analytics API text.
Source: CVE-2009-5158
CVE-2019-5638
Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a security-relevant edit on an existing, logged-on user. For example, if a user’s password is changed by an administrator due to an otherwise unrelated credential leak, that user account’s current session is still valid after the password change, potentially allowing the attacker who originally compromised the credential to remain logged in and able to cause further damage.
Source: CVE-2019-5638