2 results (0.002 seconds)

CVSS: 5.3EPSS: 0%CPEs: 10EXPL: 0

The Media Upload form in the Video Embed & Thumbnail Generator plugin before 2.0 for WordPress allows remote attackers to obtain the installation path via unknown vectors. El formulario de subida de contenido multimedia del complemento Video Embed & Thumbnail Generator anteriores a la versión 2.0 para WordPress permite a atacantes remotos obtener la ruta de instalación a través de vectores sin especificar. • http://plugins.trac.wordpress.org/changeset?old_path=%2Fvideo-embed-thumbnail-generator&old=507924&new_path=%2Fvideo-embed-thumbnail-generator&new=507924 http://wordpress.org/extend/plugins/video-embed-thumbnail-generator/changelog http://www.securityfocus.com/bid/52652 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0

kg_callffmpeg.php in the Video Embed & Thumbnail Generator plugin before 2.0 for WordPress allows remote attackers to execute arbitrary commands via unspecified vectors. kg_callffmpeg.php en el complemento de Wordpress "Video Embed & Thumbnail Generator" antes de v2.0 permite a atacantes remotos ejecutar comandos de su elección a través de vectores no especificados. The Videopack (formerly Video Embed & Thumbnail Generator) plugin for WordPress is vulnerable to remote code execution in versions up to 2.0 due to insufficient input validation on data supplied to the runCom() function that executes code. This makes it possible for attackers to run arbitrary code on the system. • http://plugins.trac.wordpress.org/changeset?old_path=%2Fvideo-embed-thumbnail-generator&old=507924&new_path=%2Fvideo-embed-thumbnail-generator&new=507924 http://secunia.com/advisories/48087 http://wordpress.org/extend/plugins/video-embed-thumbnail-generator/changelog http://www.securityfocus.com/bid/52180 https://exchange.xforce.ibmcloud.com/vulnerabilities/73508 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •