CVSS: 9.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with an administrative privilege to execute arbitrary SQL commands. Information stored in the database may be obtained or altered by the attacker.

The Music Store – WordPress eCommerce plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 1.1.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.

• https://jvn.jp/en/jp/JVN79213252
• https://plugins.trac.wordpress.org/changeset?new=3085975%40music-store%2Ftrunk%2Fmusic-store.php&old=3079647%40music-store%2Ftrunk%2Fmusic-store.php
• https://wordpress.org/plugins/music-store

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

The music-store plugin before 1.0.43 for WordPress has XSS via the wp-admin/admin.php?page=music-store-menu-reports from_year parameter.

• https://packetstormsecurity.com/files/136445
• https://wordpress.org/plugins/music-store/#developers
• https://wpvulndb.com/vulnerabilities/8429

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')