
CVSS: 6.1 • EPSS: 1% • CPEs: 1 • EXPL: 3

Cross-site scripting (XSS) vulnerability in forms/panels.php in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php.

• http://packetstormsecurity.com/files/132657/WordPress-GD-bbPress-Attachments-2.1-Cross-Site-Scripting.html
• http://seclists.org/fulldisclosure/2015/Jul/53
• https://security.dxw.com/advisories/reflected-xss-in-gd-bbpress-attachments-allows-an-attacker-to-do-almost-anything-an-admin-can
• https://wordpress.org/plugins/gd-bbpress-attachments/changelog
• https://wpvulndb.com/vulnerabilities/8088
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

Multiple cross-site request forgery (CSRF) vulnerabilities in the GD Star Rating plugin 19.22 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct (1) SQL injection attacks via the s parameter in the gd-star-rating-stats page to wp-admin/admin.php or (2) cross-site scripting (XSS) attacks via unspecified vectors.

Multiple cross-site request forgery (CSRF) vulnerabilities in the GD Star Rating plugin 1.9.22 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct (1) SQL injection attacks via the s parameter in the gd-star-rating-stats page to wp-admin/admin.php or (2) cross-site scripting (XSS) attacks via unspecified vectors.

• http://seclists.org/fulldisclosure/2014/Mar/399
• http://secunia.com/advisories/57667
• https://advisories.dxw.com/advisories/csrf-and-blind-sql-injection-in-gd-star-rating-1-9-22
• https://exchange.xforce.ibmcloud.com/vulnerabilities/92156
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

SQL injection vulnerability in the GD Star Rating plugin 19.22 for WordPress allows remote administrators to execute arbitrary SQL commands via the s parameter in the gd-star-rating-stats page to wp-admin/admin.php.

SQL injection vulnerability in the GD Star Rating plugin 1.9.22 for WordPress allows remote administrators to execute arbitrary SQL commands via the s parameter in the gd-star-rating-stats page to wp-admin/admin.php.

• http://seclists.org/fulldisclosure/2014/Mar/399
• https://advisories.dxw.com/advisories/csrf-and-blind-sql-injection-in-gd-star-rating-1-9-22
• https://exchange.xforce.ibmcloud.com/vulnerabilities/92156
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')