CVE-2016-10985 – Echo Sign < 1.2 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-10985
The echosign plugin before 1.2 for WordPress has XSS via the templates/add_templates.php id parameter.
• https://0x62626262.wordpress.com/2016/04/21/echosign-plugin-for-wordpress-xss-vulnerability
• https://wordpress.org/plugins/echosign/#developers
• https://wpvulndb.com/vulnerabilities/8465
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-11000 – Export WordPress Data with Advanced Filters < 1.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2016-11000
The wp-ultimate-exporter plugin through 1.1 for WordPress has SQL injection via the export_type_name parameter.
• https://seclists.org/bugtraq/2016/Feb/183
• https://wordpress.org/plugins/wp-ultimate-exporter/#developers
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-9306 – Easy Drag And drop All Import : WP Ultimate CSV Importer < 3.8.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9306
The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS.
• https://wordpress.org/plugins/wp-ultimate-csv-importer/#developers
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-10125 – WP Ultimate CSV Importer Plugin cross-site request forgery
https://notcve.org/view.php?id=CVE-2015-10125
A vulnerability classified as problematic has been found in WP Ultimate CSV Importer Plugin 3.7.2 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.7.3 addresses this issue.
• https://github.com/wp-plugins/wp-ultimate-csv-importer/commit/13c30af721d3f989caac72dd0f56cf0dc40fad7e
• https://github.com/wp-plugins/wp-ultimate-csv-importer/releases/tag/3.7.3
• https://vuldb.com/?ctiid.241317
• https://vuldb.com/?id.241317
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2013-3263 – WP Ultimate Email Marketer <= 1.2.0 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-3263
Multiple cross-site scripting (XSS) vulnerabilities in the WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) siteurl parameter to campaign/campaignone.php; the (2) action, (3) campaignname, (4) campaignformat, or (5) emailtemplate parameter to campaign/campaigntwo.php; the (6) listid parameter to list/edit.php; the (7) campaignid or (8) siteurl parameter to campaign/editcampaign.php; the (9) campaignid parameter to campaign/selectlistb4send.php; the (10) campaignid, (11) campaignname, (12) campaignsubject, or (13) selectedcampaigns parameter to campaign/sendCampaign.php; or the (14) campaignid, (15) campaignname, (16) campaignformat, or (17) action parameter to campaign/updatecampaign.php.
Multiple cross-site scripting (XSS) vulnerabilities in the WP Ultimate Email Marketer plugin 1.2.0 and possibly earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) siteurl parameter to campaign/campaignone.php; the (2) action, (3) campaignname, (4) campaignformat, or (5) emailtemplate parameter to campaign/campaigntwo.php; the (6) listid parameter to list/edit.php; the (7) campaignid or (8) siteurl parameter to campaign/editcampaign.php; the (9) campaignid parameter to campaign/selectlistb4send.php; the (10) campaignid, (11) campaignname, (12) campaignsubject, or (13) selectedcampaigns parameter to campaign/sendCampaign.php; or the (14) campaignid, (15) campaignname, (16) campaignformat, or (17) action parameter to campaign/updatecampaign.php.
• http://secunia.com/advisories/53170
• http://www.securityfocus.com/bid/62621
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')