CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2018-1002002 – Arigato Autoresponder and Newsletter <= 2.5.1.8 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-1002002
18 Sep 2018 — There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. Existe una vulnerabilidad Cross-Site Scripting (XSS) reflejado en WordPress Arigato Autoresponder y Newsletter v2.5.1.8. Esta vulnerabilidad requiere privilegios de administrador para que se explote. • https://www.exploit-db.com/exploits/45434 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2018-1002009 – Arigato Autoresponder and Newsletter <= 2.5.1.8 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-1002009
18 Sep 2018 — There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET reuqest to the email variable. Existe una vulnerabilidad Cross-Site Scripting (XSS) reflejado en WordPress Arigato Autoresponder y Newsletter v2.5.1.8. Esta vulnerabilidad requiere privilegios de administrador para que se explote. Existe una vulnerabilidad Cross-Site Scripting (XSS... • https://www.exploit-db.com/exploits/45434 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2018-1002001 – Arigato Autoresponder and Newsletter <= 2.5.1.8 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-1002001
18 Sep 2018 — There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. Existe una vulnerabilidad Cross-Site Scripting (XSS) reflejado en WordPress Arigato Autoresponder y Newsletter v2.5.1.8. Esta vulnerabilidad requiere privilegios de administrador para que se explote. WordPress Arigato Autoresponder and Newsletter plugin version 2.5 suffers from cross site scripting and remote SQL injection vulnerabilities. • https://www.exploit-db.com/exploits/45434 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2018-1002003 – Arigato Autoresponder and Newsletter <= 2.5.1.8 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-1002003
18 Sep 2018 — There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. Existe una vulnerabilidad Cross-Site Scripting (XSS) reflejado en WordPress Arigato Autoresponder y Newsletter v2.5.1.8. Esta vulnerabilidad requiere privilegios de administrador para que se explote. • https://www.exploit-db.com/exploits/45434 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2CVE-2018-1002000 – Arigato Autoresponder and Newsletter <= 2.5.1.8 - SQL Injection
https://notcve.org/view.php?id=CVE-2018-1002000
18 Sep 2018 — There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request. Existe una inyección SQL ciega en WordPress Arigato Autoresponder y Newsletter v2.5.1.8. Estas vulnerabilidades requieren privilegios de administrador para que se explote. Existe una vulnerabilidad de inyección SQL ciega explotable mediante la variable del... • https://www.exploit-db.com/exploits/45434 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 2CVE-2018-1002005 – Arigato Autoresponder and Newsletter <= 2.5.1.8 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-1002005
18 Sep 2018 — These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter. Esta vulnerabilidad requiere privilegios de administrador para que se explote. Existe una vulnerabilidad Cross-Site Scripting (XSS) en bft_list.html.php:43: mediante el parámetro filter_signup_date. • https://www.exploit-db.com/exploits/45434 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 2CVE-2018-1002006 – Arigato Autoresponder and Newsletter <= 2.5.1.8 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-1002006
18 Sep 2018 — These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes Esta vulnerabilidad requiere privilegios de administrador para que se explote. Existe una vulnerabilidad Cross-Site Scripting (XSS) en integration-contact-form.html.php:14: mediante la variable de petición POST classes. • https://www.exploit-db.com/exploits/45434 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2018-14502 – Chained Quiz <= 1.0.8.2 - Unauthenticated SQL Injection
https://notcve.org/view.php?id=CVE-2018-14502
16 Aug 2018 — controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 for WordPress allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters. El archivo controllers/quizzes.php en el plugin Kiboko Chained Quiz versiones anteriores a 1.0.9 para WordPress, permite a usuarios no autentificados remotos ejecutar comandos SQL arbitrarios por medio de los parámetros "answer" y "answers". • https://wordpress.org/plugins/chained-quiz/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10892 – Chained Quiz Plugin < 1.0 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-10892
12 Jan 2017 — The chained-quiz plugin before 1.0 for WordPress has multiple XSS issues. El plugin encadenado-quiz antes de 1.0 para WordPress tiene múltiples problemas XSS. The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in versions up to, and including, 0.9.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user... • https://wordpress.org/plugins/chained-quiz/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-10111 – Watu Quiz Plugin Exam exam.php watu_exams sql injection
https://notcve.org/view.php?id=CVE-2015-10111
20 Nov 2015 — A vulnerability was found in Watu Quiz Plugin up to 2.6.7 on WordPress. It has been rated as critical. This issue affects the function watu_exams of the file controllers/exam.php of the component Exam Handler. The manipulation of the argument quiz leads to sql injection. The attack may be initiated remotely. • https://github.com/wp-plugins/watu/commit/bf42e7cfd819a3e76cf3e1465697e89f4830590c • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •