CVE-2015-10099 – CP Appointment Calendar Plugin dex_appointments.php dex_process_ready_to_go_appointment sql injection
https://notcve.org/view.php?id=CVE-2015-10099
12 Feb 2015 — A vulnerability classified as critical has been found in CP Appointment Calendar Plugin up to 1.1.5 on WordPress. ... The CP Appointment Calendar Plugin plugin for WordPress is vulnerable to SQL Injection via the $itemnumber variable in all versions up to, and including, 1.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ... • https://github.com/wp-plugins/cp-appointment-calendar/commit/e29a9cdbcb0f37d887dd302a05b9e8bf213da01d • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-10124 – Most Popular Posts Widget Plugin functions.php show_views sql injection
https://notcve.org/view.php?id=CVE-2015-10124
02 Feb 2015 — A vulnerability was found in Most Popular Posts Widget Plugin up to 0.8 on WordPress. ... A critical vulnerability was identified in Most Popular Posts Widget Plugin up to 0.8 for WordPress. ... The Most Popular Posts Widget plugin for WordPress is vulnerable to SQL Injection via the 'PostID' variable in versions up to, and including, 0.8 due to insufficient es... • https://github.com/wp-plugins/most-popular-posts-widget-lite/commit/a99667d11ac8d320006909387b100e9a8b5c12e1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-125091 – codepeople cp-polls Plugin cp-admin-int-message-list.inc.php sql injection
https://notcve.org/view.php?id=CVE-2014-125091
23 Nov 2014 — A vulnerability has been found in codepeople cp-polls Plugin 1.0.1 on WordPress and classified as critical. ... The Polls CP plugin for WordPress is vulnerable to SQL Injection via the 'lu' parameter in all versions up to, and including, 1.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. • https://github.com/wp-plugins/cp-polls/commit/6d7168cbf12d1c183bacc5cd5678f6f5b0d518d2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-8877 – CM Download Manager <= 2.0.3 - Code Injection
https://notcve.org/view.php?id=CVE-2014-8877
10 Nov 2014 — The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, which is processed by the PHP create_function function. • http://packetstormsecurity.com/files/129183/WordPress-CM-Download-Manager-2.0.0-Code-Injection.html • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2014-7297 – Enfold < 3.0.1 - Unspecified Vulnerability
https://notcve.org/view.php?id=CVE-2014-7297
07 Oct 2014 — Unspecified vulnerability in the folder framework in the Enfold theme before 3.0.1 for WordPress has unknown impact and attack vectors. • http://themeforest.net/item/enfold-responsive-multipurpose-theme/4519990 • CWE-862: Missing Authorization
CVE-2014-125099 – I Recommend This Plugin dot-irecommendthis.php sql injection
https://notcve.org/view.php?id=CVE-2014-125099
24 Sep 2014 — A vulnerability has been found in I Recommend This Plugin up to 3.7.2 on WordPress and classified as critical. ... The I Recommend This plugin for WordPress is vulnerable to SQL Injection via the 'post_type' attribute called via the plugin's shortcode in versions up to, and including, 3.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin... • https://github.com/wp-plugins/i-recommend-this/commit/058b3ef5c7577bf557557904a53ecc8599b13649 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-1905 – Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP <= 4.27.4 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2014-1905
27 Feb 2014 — Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file via a direct request to a wp-content/plugins/videowhisper-live-streaming-integration/ls/snapshots/ pathname, as demonstrated by a .php.jpg filename. • https://www.exploit-db.com/exploits/31986 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2013-10027 – Blogger Importer Plugin blogger-importer.php restart cross-site request forgery
https://notcve.org/view.php?id=CVE-2013-10027
08 Oct 2013 — A vulnerability was found in Blogger Importer Plugin up to 0.5 on WordPress. ... A vulnerability classified as problematic was identified in Blogger Importer Plugin up to 0.5 for WordPress. ... The Blogger Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.5. • https://github.com/wp-plugins/blogger-importer/commit/b83fa4f862b0f19a54cfee76060ec9c2e7f7ca70 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2013-3684 – WordPress Gallery Plugin – NextGEN Gallery <= 1.9.12 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2013-3684
13 Jun 2013 — NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php file upload • https://www.exploit-db.com/exploits/38585 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2013-10025 – Exit Strategy Plugin exitpage.php exitpageadmin cross-site request forgery
https://notcve.org/view.php?id=CVE-2013-10025
28 May 2013 — A vulnerability was found in Exit Strategy Plugin 1.55 on WordPress and classified as problematic. ... The exit-strategy plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.55. • https://github.com/wp-plugins/exit-strategy/commit/d964b8e961b2634158719f3328f16eda16ce93ac • CWE-352: Cross-Site Request Forgery (CSRF)