CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 2CVE-2014-3210 – Pinpoint Booking System – #1 WordPress Booking Plugin < 1.3 - SQL Injection
https://notcve.org/view.php?id=CVE-2014-3210
SQL injection vulnerability in dopbs-backend-forms.php in the Booking System (Booking Calendar) plugin before 1.3 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the booking_form_id parameter to wp-admin/admin-ajax.php. Vulnerabilidad de inyección SQL en dopbs-backend-forms.php en el plugin Booking System (Booking Calendar) anterior a 1.3 para WordPress permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través del parámetro booking_form_id hacia wp-admin/admin-ajax.php. WordPress Booking System (Booking Calendar) plugin versions prior to 1.3 suffer from a remote SQL injection vulnerability. • https://www.exploit-db.com/exploits/39197 http://packetstormsecurity.com/files/126762/WordPress-Booking-System-SQL-Injection.html http://wordpress.org/plugins/booking-system/changelog http://www.securityfocus.com/archive/1/532168/100/0/threaded • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2014-3843 – Search Everything <= 8.1 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2014-3843
Cross-site request forgery (CSRF) vulnerability in the Search Everything plugin before 8.1.1 for WordPress allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Vulnerabilidad de CSRF en el plugin Search Everything anterior a 8.1.1 para WordPress permite a atacantes remotos secuestrar la autenticación de victimas no especificadas a través de vectores desconocidos. • http://secunia.com/advisories/58502 http://wordpress.org/plugins/search-everything/changelog • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3845 – TinyMCE Color Picker < 1.2 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2014-3845
Cross-site request forgery (CSRF) vulnerability in the TinyMCE Color Picker plugin before 1.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that change plugin settings via unknown vectors. NOTE: some of these details are obtained from third party information. Vulnerabilidad de CSRF en el plugin TinyMCE Color Picker anterior a 1.2 para WordPress permite a atacantes remotos secuestrar la autenticación de usuarios no especificados para solicitudes que cambian configuraciones de plugins a través de vectores desconocidos. NOTA: algunos de estos detalles se obtienen de información de terceras partes. Cross-site request forgery (CSRF) vulnerability in the TinyMCE Color Picker plugin before 1.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that change plugin settings via unknown vectors. • http://secunia.com/advisories/58095 http://wordpress.org/plugins/tinymce-colorpicker/changelog • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 21EXPL: 0CVE-2014-3841 – Contact Bank – Contact Form Builder for WordPress <= 2.0.19 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-3841
Cross-site scripting (XSS) vulnerability in the Contact Bank plugin before 2.0.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Label field, related to form layout configuration. NOTE: some of these details are obtained from third party information. Vulnerabilidad de XSS en el plugin Contact Bank anterior a 2.0.20 para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del campo Label, relacionado con la configuración de diseño de formularios. NOTA: algunos de estos detalles se obtienen de información de terceras partes. • http://secunia.com/advisories/58300 http://wordpress.org/plugins/contact-bank/changelog http://www.securityfocus.com/bid/67334 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3844 – TinyMCE Color Picker <= 1.1 - Missing Authorization
https://notcve.org/view.php?id=CVE-2014-3844
The TinyMCE Color Picker plugin before 1.2 for WordPress does not properly check permissions, which allows remote attackers to modify plugin settings via unspecified vectors. NOTE: some of these details are obtained from third party information. El plugin TinyMCE Color Picker anterior a 1.2 para WordPress no comprueba debidamente permisos, lo que permite a atacantes remotos modificar configuraciones de plugin a través de vectores no especificados. NOTA: algunos de estos detalles se obtienen de información de terceras partes. The TinyMCE Color Picker plugin before 1.2 for WordPress does not properly check permissions, which allows remote attackers to modify plugin settings via unspecified vectors. • http://secunia.com/advisories/58095 http://wordpress.org/plugins/tinymce-colorpicker/changelog • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •