CVE-2015-10100 – Dynamic Widgets Plugin dynwid_class.php sql injection
https://notcve.org/view.php?id=CVE-2015-10100
A vulnerability, which was classified as critical, has been found in Dynamic Widgets Plugin up to 1.5.10 on WordPress. This issue affects some unknown processing of the file classes/dynwid_class.php. The manipulation leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.5.11 is able to address this issue. • https://github.com/wp-plugins/dynamic-widgets/commit/d0a19c6efcdc86d7093b369bc9e29a0629e57795 https://github.com/wp-plugins/dynamic-widgets/releases/tag/1.5.11 https://vuldb.com/?ctiid.225353 https://vuldb.com/?id.225353 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2015-9436 – Dynamic Widgets <= 1.5.10 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9436
The dynamic-widgets plugin before 1.5.11 for WordPress has XSS via the wp-admin/admin-ajax.php?action=term_tree prefix or widget_id parameter. El plugin dynamic-widgets versiones anteriores a 1.5.11 para WordPress, presenta una vulnerabilidad de tipo XSS por medio del parámetro prefix o widget_id de wp-admin/admin-ajax.php?action=term_tree . • http://cinu.pl/research/wp-plugins/mail_489304900a50751da1495e2ea660bc51.html https://wordpress.org/plugins/dynamic-widgets/#developers https://wpvulndb.com/vulnerabilities/8258 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-9437 – Dynamic Widgets <= 1.5.10 - Refletced Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9437
The dynamic-widgets plugin before 1.5.11 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=dynwid-config page_limit parameter. El plugin dynamic-widgets versiones anteriores a 1.5.11 para WordPress, presenta una vulnerabilidad de tipo CSRF con un XSS resultante por medio del parámetro page_limit de wp-admin/themes.php?page=dynwid-config. • http://cinu.pl/research/wp-plugins/mail_489304900a50751da1495e2ea660bc51.html https://wordpress.org/plugins/dynamic-widgets/#developers https://wpvulndb.com/vulnerabilities/8258 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •