CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15079 – Smush – Lazy Load Images, Optimize & Compress Images <= 2.7.5 - Directory Traversal
https://notcve.org/view.php?id=CVE-2017-15079
21 Sep 2017 — The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal. El plugin Smush Image Compression and Optimization en versiones anteriores a la 2.7.6 para WordPress permite el salto de directorios. • https://wordpress.org/plugins/wp-smushit/#developers • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18511 – Custom Sidebars <= 3.0.8 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2017-18511
29 Jun 2017 — The custom-sidebars plugin before 3.0.8.1 for WordPress has CSRF. El plugin custom-sidebars versiones anteriores a 3.0.8.1 para WordPress, presenta una vulnerabilidad de tipo CSRF. • https://wordpress.org/plugins/custom-sidebars/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2015-10098 – Broken Link Checker Plugin ui_get_action_links cross site scripting
https://notcve.org/view.php?id=CVE-2015-10098
20 Apr 2015 — A vulnerability was found in Broken Link Checker Plugin up to 1.10.5 on WordPress. It has been rated as problematic. Affected by this issue is the function print_module_list/show_warnings_section_notice/status_text/ui_get_action_links. The manipulation leads to cross site scripting. The attack may be launched remotely. • https://github.com/wp-plugins/broken-link-checker/commit/f30638869e281461b87548e40b517738b4350e47 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •