CVE-2016-10866 – All In One WP Security & Firewall <= 4.1.9 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-10866
The all-in-one-wp-security-and-firewall plugin before 4.2.0 for WordPress has multiple XSS issues. El complemento todo-en-uno-wp-security-and-firewall versión anterior a 4.2.0 para WordPress tiene múltiples problemas XSS. The all-in-one-wp-security-and-firewall plugin before 4.2.0 for WordPress has multiple XSS issues via the 'tab' parameter. • https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-10888 – All In One WP Security & Firewall <= 4.0.6 - SQL Injection
https://notcve.org/view.php?id=CVE-2016-10888
The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPress has multiple SQL injection issues. El plugin all-in-one-wp-security-and-firewall versiones anteriores a 4.0.7 para WordPress, presenta múltiples problemas de inyección SQL. • https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2016-10867 – All In One WP Security & Firewall <= 4.0.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-10867
The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPress has XSS in settings pages. El complemento todo en uno wp-security-and-firewall versión anterior a 4.0.6 para WordPress tiene XSS en las páginas de configuración. • https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers https://wpvulndb.com/vulnerabilities/9736 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-10868 – All In One WP Security & Firewall <= 4.0.4 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-10868
The all-in-one-wp-security-and-firewall plugin before 4.0.5 for WordPress has XSS in the blacklist, file system, and file change detection settings pages. El complemento all-in-one-wp-security-and-firewall anterior a 4.0.5 para WordPress tiene XSS en la lista negra, el sistema de archivos y las páginas de configuración de detección de cambio de archivo. • https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-9293 – All In One WP Security & Firewall <= 3.9.7 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9293
The all-in-one-wp-security-and-firewall plugin before 3.9.8 for WordPress has XSS in the unlock request feature. El complemento todo en uno wp-security-and-firewall anterior a 3.9.8 para WordPress tiene XSS en la función de solicitud de desbloqueo. • https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •