CVE-2014-9311 – WordPress Social Sharing, Related Posts & Analytics – Shareaholic < 7.6.1.0 - Authenticated (Subscriber+) Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-9311
Cross-site scripting (XSS) vulnerability in admin.php in the Shareaholic plugin before 7.6.1.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the location[id] parameter in a shareaholic_add_location action to wp-admin/admin-ajax.php. WordPress Shareaholic plugin version 7.6.0.3 suffers from a cross-site scripting vulnerability.
• https://www.exploit-db.com/exploits/36674
• http://packetstormsecurity.com/files/131321/WordPress-Shareaholic-7.6.0.3-Cross-Site-Scripting.html
• http://security.szurek.pl/shareaholic-7603-xss.html
• https://wordpress.org/plugins/shareaholic/changelog
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-3256 – SexyBookmarks <= 6.1.4.0 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2013-3256
Cross-site request forgery (CSRF) vulnerability in the Shareaholic SexyBookmarks plugin 6.1.4.0 for WordPress allows remote attackers to hijack the authentication of users for requests that "manipulate plugin settings."
• http://secunia.com/advisories/53138
• http://wordpress.org/plugins/sexybookmarks/changelog
• http://www.securityfocus.com/bid/61561
• https://exchange.xforce.ibmcloud.com/vulnerabilities/86126
• CWE-352: Cross-Site Request Forgery (CSRF)