
CVSS: 7.2 • EPSS: 0% • CPEs: 45 • EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) search_words parameter in a search action to wpf.class.php or (2) togroupusers parameter in an add_user_togroup action to fs-admin/fs-admin.php.

References:
• http://osvdb.org/90432
• http://osvdb.org/90433
• http://secunia.com/advisories/52167
• http://secunia.com/secunia_research/2013-3
• http://www.securityfocus.com/bid/58059
• https://exchange.xforce.ibmcloud.com/vulnerabilities/82187

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 45 • EXPL: 0

Multiple SQL injection vulnerabilities in wpf.class.php in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to execute arbitrary SQL commands via the id parameter in a viewtopic (1) remove_post, (2) sticky, or (3) closed action or (4) thread parameter in a postreply action to index.php.

References:
• http://osvdb.org/90434
• http://secunia.com/advisories/52167
• http://secunia.com/secunia_research/2013-4
• http://www.securityfocus.com/bid/58059
• https://exchange.xforce.ibmcloud.com/vulnerabilities/82188

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.8 • EPSS: 0% • CPEs: 46 • EXPL: 0

Multiple cross-site request forgery (CSRF) vulnerabilities in the Mingle Forum plugin 1.0.34 and possibly earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) modify user privileges or (2) conduct cross-site scripting (XSS) attacks via unspecified vectors.

References:
• http://osvdb.org/96905
• http://secunia.com/advisories/47687
• http://secunia.com/secunia_research/2013-6
• http://www.securityfocus.com/bid/62133

CWE-352: Cross-Site Request Forgery (CSRF)