CVE-2018-10363 – Booking calendar, Appointment Booking System < 2.2.3 - Unauthenticated Parameter Manipulation
https://notcve.org/view.php?id=CVE-2018-10363
An issue was discovered in the WpDevArt "Booking calendar, Appointment Booking System" plugin 2.2.2 for WordPress. Multiple parameters allow remote attackers to manipulate the values to change data such as prices. The issue affects versions up to, and including, 2.2.2. • https://gist.github.com/B0UG/68d3161af0c0ec85c615ca7452f9755e • CWE-20: Improper Input Validation
CVE-2017-14125 – Gallery – Image and Video Gallery with Thumbnails < 1.2.1 - SQL Injection
https://notcve.org/view.php?id=CVE-2017-14125
SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme task in the wpdevart_gallery_themes page to wp-admin/admin.php. WordPress Responsive Image Gallery plugin version 1.1.8 suffers from a remote SQL injection vulnerability. • http://seclists.org/fulldisclosure/2017/Sep/55 • https://wpvulndb.com/vulnerabilities/8907 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')