Page 10 of 47 results (0.005 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-18576 – Event Notifier <= 1.2.0 - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2017-18576

The event-notifier plugin before 1.2.1 for WordPress has XSS via the loading animation. El de notificación de eventos anterior a la versión 1.2.1 para WordPress tiene XSS a través de la animación de carga. • https://wordpress.org/plugins/event-notifier/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 9%CPEs: 1EXPL: 3

CVE-2014-8586 – Calendar Event Multi View < 1.0.2 - SQL Injection

https://notcve.org/view.php?id=CVE-2014-8586

SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter. Vulnerabilidad de inyección SQL en el plugin CP Multi View Event Calendar 1.01 para WordPress permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro calid. SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.0.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter. • https://www.exploit-db.com/exploits/35073 http://osvdb.org/show/osvdb/113670 http://packetstormsecurity.com/files/128814/WordPress-CP-Multi-View-Event-Calendar-1.01-SQL-Injection.html http://www.exploit-db.com/exploits/35073 http://www.securityfocus.com/bid/70718 https://exchange.xforce.ibmcloud.com/vulnerabilities/97766 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •