
CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza 3D Tag Cloud allows Stored XSS. This issue affects 3D Tag Cloud: from n/a through 3.8. The 3D Tag Cloud plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8. This is due to missing or incorrect nonce validation.
• https://patchstack.com/database/vulnerability/cardoza-3d-tag-cloud/wordpress-3d-tag-cloud-plugin-3-8-stored-cross-site-scripting-xss-via-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.8 | EPSS: 9% | CPEs: 1 | EXPL: 1

Multiple security bypass vulnerabilities in the editAnswer, deleteAnswer, addAnswer, and deletePoll functions in WordPress Poll Plugin 34.5 for WordPress allow a remote attacker to add, edit, and delete an answer and delete a poll. Multiple security bypass vulnerabilities in the editAnswer, deleteAnswer, addAnswer, and deletePoll functions in WordPress Poll Plugin 34.05 for WordPress allow a remote attacker to add, edit, and delete an answer and delete a poll. Cardoza WordPress Poll plugin version 34.05 suffers from multiple remote SQL injection vulnerabilities.
• http://www.securityfocus.com/bid/57479
• https://exchange.xforce.ibmcloud.com/vulnerabilities/81467
• https://www.securityfocus.com/archive/1/525370
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 | EPSS: 4% | CPEs: 2 | EXPL: 1

Multiple SQL injection vulnerabilities in CWPPoll.js in WordPress Poll Plugin 34.5 for WordPress allow attackers to execute arbitrary SQL commands via the pollid or poll_id parameter in a viewPollResults or userlogs action. Cardoza WordPress Poll plugin version 34.05 suffers from multiple remote SQL injection vulnerabilities.
• http://www.securityfocus.com/bid/57479
• https://exchange.xforce.ibmcloud.com/vulnerabilities/81466
• https://www.securityfocus.com/archive/1/525370
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')