CVE-2020-14092 – Payment Form for PayPal Pro < 1.1.65 - SQL Injection
https://notcve.org/view.php?id=CVE-2020-14092
The CodePeople Payment Form for PayPal Pro plugin before 1.1.65 for WordPress allows SQL Injection. El CodePeople Payment Form para el plugin PayPal Pro versiones anteriores a 1.1.65 para WordPress, permite una inyección SQL The CodePeople Payment Form for PayPal Pro plugin before 1.1.65 for WordPress allows SQL Injection via query parameter. • https://wordpress.dwbooster.com/forms/payment-form-for-paypal-pro https://wordpress.org/plugins/payment-form-for-paypal-pro/#developers https://wpvulndb.com/vulnerabilities/10287 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2018-12636 – iThemes Security <= 7.0.2 - Authenticated SQL Injection
https://notcve.org/view.php?id=CVE-2018-12636
The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page. El plugin iThemes Security (better-wp-security) en versiones anteriores a la 7.0.3 para WordPress permite la inyección SQL (por atacantes con privilegios Admin) mediante la página de logs. WordPress iThemes Security plugin versions prior to 7.0.3 suffer from a remote SQL injection vulnerability. • https://www.exploit-db.com/exploits/44943 https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E https://wordpress.org/plugins/better-wp-security/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2018-7433 – iThemes Security <= 6.9.0 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-7433
The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping for the logs page. El plugin iThemes Security, en versiones anteriores a la 6.9.1, para WordPress no realiza correctamente el escapado de datos para la página de logs. • https://wordpress.org/plugins/better-wp-security/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-532: Insertion of Sensitive Information into Log File •
CVE-2015-9372 – Exchange Addon Membership < 1.3.0 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9372
Membership Add-on for iThemes Exchange before 1.3.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). El complemento de pertenencia para iThemes Exchange anterior a 1.3.0 para WordPress tiene XSS a través de add_query_arg() y remove_query_arg(). • https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html https://ithemes.com/coordinated-wordpress-plugin-security-update • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-9367 – Easy Canadian Sales Taxes Add-On for iThemes Exchange < 1.1.0 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9367
Easy Canadian Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). El Add-on Easy Canadian Taxes para iThemes Exchange versiones anteriores a 1.1.0 para WordPress, tiene una vulnerabilidad de tipo XSS por medio de las funciones add_query_arg() y remove_query_arg(). • https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html https://ithemes.com/coordinated-wordpress-plugin-security-update • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •