CVE-2016-10867 – All In One WP Security & Firewall <= 4.0.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-10867
The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPress has XSS in settings pages. El complemento todo en uno wp-security-and-firewall versión anterior a 4.0.6 para WordPress tiene XSS en las páginas de configuración. • https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers https://wpvulndb.com/vulnerabilities/9736 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-10868 – All In One WP Security & Firewall <= 4.0.4 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-10868
The all-in-one-wp-security-and-firewall plugin before 4.0.5 for WordPress has XSS in the blacklist, file system, and file change detection settings pages. El complemento all-in-one-wp-security-and-firewall anterior a 4.0.5 para WordPress tiene XSS en la lista negra, el sistema de archivos y las páginas de configuración de detección de cambio de archivo. • https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-9293 – All In One WP Security & Firewall <= 3.9.7 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9293
The all-in-one-wp-security-and-firewall plugin before 3.9.8 for WordPress has XSS in the unlock request feature. El complemento todo en uno wp-security-and-firewall anterior a 3.9.8 para WordPress tiene XSS en la función de solicitud de desbloqueo. • https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-9294 – All In One WP Security & Firewall <= 3.9.4 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9294
The all-in-one-wp-security-and-firewall plugin before 3.9.5 for WordPress has XSS in add_query_arg and remove_query_arg function instances. El complemento all-in-one-wp-security-and-firewall versiones anterior a 3.9.5 para WordPress tiene XSS en instancias de función add_query_arg y remove_query_arg. • https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-9310 – All In One WP Security & Firewall <= 3.9.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2015-9310
The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPress has multiple SQL injection issues. El plugin all-in-one-wp-security-and-firewall versiones anteriores a 3.9.1 para WordPress, presenta múltiples problemas de inyección SQL. • https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •