
CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 May 2017 — The nelio-ab-testing plugin before 4.6.4 for WordPress has CSRF in experiment forms. • https://wordpress.org/plugins/nelio-ab-testing/#developers • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Dec 2016 — The nelio-ab-testing plugin before 4.5.11 for WordPress has SSRF in ajax/iesupport.php. • https://wordpress.org/plugins/nelio-ab-testing/#developers • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

08 Dec 2016 — The nelio-ab-testing plugin before 4.5.9 for WordPress has SSRF in ajax/iesupport.php. The Nelio AB Testing plugin for WordPress is vulnerable to Server Side Request Forgery in versions up to, and including, 4.5.8 via the 'ajax/iesupport.php' file. This makes it possible for unauthenticated attackers to gain otherwise restricted information from the vulnerable service and potentially execute malicious ... • https://wordpress.org/plugins/nelio-ab-testing/#developers • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

10 May 2016 — The nelio-ab-testing plugin before 4.5.0 for WordPress has filename=..%2f directory traversal. The Nelio AB Testing plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.4.4 via the 'filename' parameter. This allows authenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. • https://wordpress.org/plugins/nelio-ab-testing/#developers • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')