CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 5

SQL injection vulnerability in view.php in the Google Doc Embedder plugin before 2.5.15 for WordPress allows remote attackers to execute arbitrary SQL commands via the gpid parameter.

• https://www.exploit-db.com/exploits/35447
• https://www.exploit-db.com/exploits/35371
• http://osvdb.org/show/osvdb/115044
• http://security.szurek.pl/google-doc-embedder-2514-sql-injection.html
• http://www.exploit-db.com/exploits/35371
• https://exchange.xforce.ibmcloud.com/vulnerabilities/98944
• https://plugins.trac.wordpress.org/changeset/1023572/google-document-embedder
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 | EPSS: 90% | CPEs: 19 | EXPL: 2

Directory traversal vulnerability in the Google Doc Embedder plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to libs/pdf.php.

• https://www.exploit-db.com/exploits/23970
• http://osvdb.org/88891
• http://secunia.com/advisories/50832
• http://www.securityfocus.com/bid/57133
• https://exchange.xforce.ibmcloud.com/vulnerabilities/80930
• http://web.archive.org/web/20130119141940/http://secunia.com/advisories/50832
• https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/wp_google_document_embedder_exec.rb
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')