CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10866 – All In One WP Security & Firewall <= 4.1.9 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-10866
11 Nov 2016 — The all-in-one-wp-security-and-firewall plugin before 4.2.0 for WordPress has multiple XSS issues. El complemento todo-en-uno-wp-security-and-firewall versión anterior a 4.2.0 para WordPress tiene múltiples problemas XSS. The all-in-one-wp-security-and-firewall plugin before 4.2.0 for WordPress has multiple XSS issues via the 'tab' parameter. • https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10888 – All In One WP Security & Firewall <= 4.0.6 - SQL Injection
https://notcve.org/view.php?id=CVE-2016-10888
06 Apr 2016 — The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPress has multiple SQL injection issues. El plugin all-in-one-wp-security-and-firewall versiones anteriores a 4.0.7 para WordPress, presenta múltiples problemas de inyección SQL. • https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10867 – All In One WP Security & Firewall <= 4.0.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-10867
23 Feb 2016 — The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPress has XSS in settings pages. El complemento todo en uno wp-security-and-firewall versión anterior a 4.0.6 para WordPress tiene XSS en las páginas de configuración. • https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10868 – All In One WP Security & Firewall <= 4.0.4 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-10868
22 Feb 2016 — The all-in-one-wp-security-and-firewall plugin before 4.0.5 for WordPress has XSS in the blacklist, file system, and file change detection settings pages. El complemento all-in-one-wp-security-and-firewall anterior a 4.0.5 para WordPress tiene XSS en la lista negra, el sistema de archivos y las páginas de configuración de detección de cambio de archivo. • https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-9293 – All In One WP Security & Firewall <= 3.9.7 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9293
15 Aug 2015 — The all-in-one-wp-security-and-firewall plugin before 3.9.8 for WordPress has XSS in the unlock request feature. El complemento todo en uno wp-security-and-firewall anterior a 3.9.8 para WordPress tiene XSS en la función de solicitud de desbloqueo. • https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-9294 – All In One WP Security & Firewall <= 3.9.4 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9294
20 Apr 2015 — The all-in-one-wp-security-and-firewall plugin before 3.9.5 for WordPress has XSS in add_query_arg and remove_query_arg function instances. El complemento all-in-one-wp-security-and-firewall versiones anterior a 3.9.5 para WordPress tiene XSS en instancias de función add_query_arg y remove_query_arg. • https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-9310 – All In One WP Security & Firewall <= 3.9.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2015-9310
06 Apr 2015 — The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPress has multiple SQL injection issues. El plugin all-in-one-wp-security-and-firewall versiones anteriores a 3.9.1 para WordPress, presenta múltiples problemas de inyección SQL. • https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 25EXPL: 0CVE-2013-2705 – WordPress Simple PayPal Shopping Cart < 3.6 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2013-2705
13 May 2014 — Cross-site request forgery (CSRF) vulnerability in the WordPress Simple Paypal Shopping Cart plugin before 3.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings. Vulnerabilidad de CSRF en el plugin WordPress Simple Paypal Shopping Cart anterior a 3.6 para WordPress permite a atacantes remotos secuestrar la autenticación de administradores para solicitudes que cambian configuraciones de plugins. • http://osvdb.org/93953 • CWE-352: Cross-Site Request Forgery (CSRF) •