CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-125102 – Bestwebsoft Relevant Plugin Thumbnail information disclosure
https://notcve.org/view.php?id=CVE-2014-125102
A vulnerability classified as problematic was found in Bestwebsoft Relevant Plugin up to 1.0.7 on WordPress. Affected by this vulnerability is an unknown functionality of the component Thumbnail Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 1.0.8 is able to address this issue. • https://github.com/wp-plugins/relevant/commit/860d1891025548cf0f5f97364c1f51a888f523c3 https://vuldb.com/?ctiid.230113 https://vuldb.com/?id.230113 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-9384 – Relevant – Related, Featured, Latest, and Popular Posts by BestWebSoft <= 1.0.7 - Authenticated (Admin+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9384
The relevant plugin before 1.0.8 for WordPress has XSS. El plugin relevant versiones anteriores a 1.0.8 para WordPress, presenta una vulnerabilidad de tipo XSS. The Relevant Related Posts plugin up to and including version 1.0.7 for WordPress is vulnerable to stored cross-site scripting via the rltdpstsplgn_options parameter. This makes it possible for authenticated attackers, with administrator-level permissions, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://wordpress.org/plugins/relevant/#developers https://wpvulndb.com/vulnerabilities/8361 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •