Page 2 of 7 results (0.005 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

The newspaper theme before 6.7.2 for WordPress has script injection via td_ads[header] to admin-ajax.php. El tema newspaper versiones anteriores a 6.7.2 para WordPress, presenta una inyección de script por medio de la función td_ads[header] en el archivo admin-ajax.php. • https://blog.sucuri.net/2017/06/unwanted-shorte-st-ads-in-unpatched-newspaper-theme.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 11%CPEs: 1EXPL: 1

The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel. El tema newspaper versiones anteriores a 6.7.2 para WordPress, posee una falta de opciones de control de acceso mediante la función td_ajax_update_panel. • https://wpvulndb.com/vulnerabilities/8852 https://www.exploit-db.com/exploits/39894 • CWE-269: Improper Privilege Management CWE-862: Missing Authorization •