
CVSS: 8.8 • EPSS: 1% • CPEs: 1 • EXPL: 1

01 Jul 2019 — wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value. • https://wordpress.org/plugins/newsletters-lite/#developers • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

04 Oct 2018 — XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter. • https://ansawaf.blogspot.com/2019/04/xss-and-sqli-in-slideshow-gallery.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

04 Oct 2018 — SQL Injection exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter. • https://ansawaf.blogspot.com/2019/04/xss-and-sqli-in-slideshow-gallery.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

04 Oct 2018 — XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-slides&method=save Slide[title], Slide[media_file], or Slide[image_url] parameter. • https://ansawaf.blogspot.com/2019/04/xss-and-sqli-in-slideshow-gallery.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 1% • CPEs: 1 • EXPL: 0

12 Mar 2018 — The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP object injection. • https://wordpress.org/plugins/newsletters-lite/#developers • CWE-502: Deserialization of Untrusted Data

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Apr 2017 — The Tribulant Slideshow Gallery plugin before 1.6.6.1 for WordPress has XSS via the id, method, Gallerymessage, Galleryerror, or Galleryupdated parameter. The Tribulant Slideshow Gallery plugin before 1.6.6 for WordPress has XSS via the id, method, Gallerymessage, Galleryerror, or Galleryupdated parameter... • http://www.defensecode.com/advisories/DC-2017-01-014_WordPress_Tribulant_Slideshow_Gallery_Plugin_Advisory.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 64% • CPEs: 7 • EXPL: 11

29 Aug 2014 — Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-gallery/. • https://packetstorm.news/files/id/128270 • CWE-20: Improper Input Validation • CWE-434: Unrestricted Upload of File with Dangerous Type