CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23717 – WordPress Theme My Ontraport Smartform plugin <= 1.2.11 - CSRF to Stored XSS vulnerability
https://notcve.org/view.php?id=CVE-2025-23717
16 Jan 2025 — Cross-Site Request Forgery (CSRF) vulnerability in ITMOOTI Theme My Ontraport Smartform allows Stored XSS.This issue affects Theme My Ontraport Smartform: from n/a through 1.2.11. The Theme My Ontraport Smartform plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.11. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged re... • https://patchstack.com/database/wordpress/plugin/theme-my-ontraport-smartform/vulnerability/wordpress-theme-my-ontraport-smartform-plugin-1-2-11-csrf-to-stored-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 6%CPEs: 1EXPL: 1CVE-2017-1002009 – Membership Simplified <= 1.58 - SQL Injection
https://notcve.org/view.php?id=CVE-2017-1002009
17 Mar 2017 — Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete function. Existe una vulnerabilidad en el plugin Membership Simplified v1.58 de WordPress. El código en membership-simplified-for-oap-members-only/updateDB.php es vulnerable a inyecciones SQL a ciegas porque no sanitiza los valores de entrada del usuario mediante recordId en la... • http://membership.officeautopilot.com/get-it-now • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 6%CPEs: 1EXPL: 1CVE-2017-1002010 – Membership Simplified <= 1.58 Beta - SQL Injection
https://notcve.org/view.php?id=CVE-2017-1002010
17 Mar 2017 — Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete_media function. Existe una vulnerabilidad en el plugin Membership Simplified v1.58 de WordPress. El código en membership-simplified-for-oap-members-only/updateDB.php es vulnerable a inyecciones SQL a ciegas porque no sanitiza los valores de entrada del usuario mediante recordId... • http://membership.officeautopilot.com/get-it-now • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •