CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-10115 – WooSidebars Sidebar Manager Converter Plugin class-woosidebars-sbm-converter.php process_request redirect
https://notcve.org/view.php?id=CVE-2015-10115
A vulnerability, which was classified as problematic, was found in WooSidebars Sidebar Manager Converter Plugin up to 1.1.1 on WordPress. This affects the function process_request of the file classes/class-woosidebars-sbm-converter.php. The manipulation leads to open redirect. It is possible to initiate the attack remotely. Upgrading to version 1.1.2 is able to address this issue. • https://github.com/wp-plugins/woosidebars-sbm-converter/commit/a0efb4ffb9dfe2925b889c1aa5ea40b4abbbda8a https://vuldb.com/?ctiid.230655 https://vuldb.com/?id.230655 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-10114 – WooSidebars Plugin class-woo-sidebars.php enable_custom_post_sidebars redirect
https://notcve.org/view.php?id=CVE-2015-10114
A vulnerability, which was classified as problematic, has been found in WooSidebars Plugin up to 1.4.1 on WordPress. Affected by this issue is the function enable_custom_post_sidebars of the file classes/class-woo-sidebars.php. The manipulation of the argument sendback leads to open redirect. The attack may be launched remotely. Upgrading to version 1.4.2 is able to address this issue. • https://github.com/wp-plugins/woosidebars/commit/1ac6d6ac26e185673f95fc1ccc56a392169ba601 https://vuldb.com/?ctiid.230654 https://vuldb.com/?id.230654 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-10104 – Icons for Features Plugin class-icons-for-features-admin.php redirect
https://notcve.org/view.php?id=CVE-2015-10104
A vulnerability, which was classified as problematic, has been found in Icons for Features Plugin 1.0.0 on WordPress. Affected by this issue is some unknown functionality of the file classes/class-icons-for-features-admin.php. The manipulation of the argument redirect_url leads to open redirect. The attack may be launched remotely. Upgrading to version 1.0.1 is able to address this issue. • https://github.com/wp-plugins/icons-for-features/commit/63124c021ae24b68e56872530df26eb4268ad633 https://github.com/wp-plugins/icons-for-features/releases/tag/1.0.1 https://vuldb.com/?ctiid.227756 https://vuldb.com/?id.227756 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2329 – WooCommerce <= 2.3.5 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-2329
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted order. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en el plugin WooCommerce en versiones anteriores a la 2.3.6 para WordPress permite que los atacantes remotos inyecten scripts web o HTML arbitrarios mediante un pedido manipulado. • https://fortiguard.com/zeroday/FG-VD-15-020 https://raw.githubusercontent.com/woocommerce/woocommerce/master/CHANGELOG.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 2CVE-2014-4549 – WooCommerce SagePay Direct Payment Gateway < 0.1.6.7 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-4549
Multiple cross-site scripting (XSS) vulnerabilities in pages/3DComplete.php in the WooCommerce SagePay Direct Payment Gateway plugin before 0.1.6.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MD or (2) PARes parameter. Múltiples vulnerabilidades de XSS en pages/3DComplete.php en el plugin WooCommerce SagePay Direct Payment Gateway anterior a 0.1.6.7 para WordPress permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro (1) MD o (2) PARes. • http://codevigilant.com/disclosure/wp-plugin-sagepay-direct-for-woocommerce-payment-gateway-a3-cross-site-scripting-xss http://wordpress.org/plugins/sagepay-direct-for-woocommerce-payment-gateway/changelog http://www.securityfocus.com/bid/65355 https://github.com/wp-plugins/sagepay-direct-for-woocommerce-payment-gateway/commit/9c6cf939c6c25377c285439b92ef2bb5ebda9db6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •