2 results (0.037 seconds)

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 3

Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the Pay With Tweet plugin before 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) title, or (3) dl parameter. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en pay.php en el complemento Pay With Tweet antes de v1.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro (1) link, (2) title, o (3) dl. • https://www.exploit-db.com/exploits/18330 http://secunia.com/advisories/47475 http://wordpress.org/extend/plugins/pay-with-tweet/changelog http://www.exploit-db.com/exploits/18330 http://www.osvdb.org/78205 http://www.securityfocus.com/bid/51308 https://exchange.xforce.ibmcloud.com/vulnerabilities/72166 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 3

SQL injection vulnerability in the Pay With Tweet plugin before 1.2 for WordPress allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the id parameter in a paywithtweet shortcode. Vulnerabilidad de inyección SQL en el plugin Pay With Tweet anteriores a v1.2 para Wordpress, permite a usuarios autenticados remotos con ciertos permisos ejecutar comandos SQL de su elección a través del parámetro id en un "paywithtweet shortcode". • https://www.exploit-db.com/exploits/18330 http://secunia.com/advisories/47475 http://wordpress.org/extend/plugins/pay-with-tweet/changelog http://www.exploit-db.com/exploits/18330 http://www.osvdb.org/78204 http://www.securityfocus.com/bid/51308 https://exchange.xforce.ibmcloud.com/vulnerabilities/72165 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •