CVE-2017-1002028 – WordPress Gallery Transformation < 0.7 - SQL Injection
https://notcve.org/view.php?id=CVE-2017-1002028
22 Jul 2017 — The WordPress plugin wordpress-gallery-transformation v1.0 is vulnerable to SQL injection in ./wordpress-gallery-transformation/gallery.php: the $jpic parameter is passed into an SQL query without being sanitized. • http://www.vapidlabs.com/advisory.php?v=199 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2013-10030 – Exit Box Lite Plugin wordpress-exit-box-lite.php information disclosure
https://notcve.org/view.php?id=CVE-2013-10030
28 May 2013 — A vulnerability classified as problematic has been found in the Exit Box Lite Plugin up to 1.06 on WordPress. It affects some unknown functionality of the file wordpress-exit-box-lite.php. The manipulation leads to information disclosure. The attack may be launched remotely. Upgrading to version 1.10 addresses this issue. • https://github.com/wp-plugins/wordpress-exit-box-lite/commit/fad26701addb862c51baf85c6e3cc136aa79c309 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor