CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18573 – Simple Login Log < 1.1.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2017-18573
The simple-login-log plugin before 1.1.2 for WordPress has SQL injection. El plugin simple-login-log versiones anteriores a 1.1.2 para WordPress, presenta una inyección SQL. The simple-login-log plugin before 1.1.2 for WordPress has SQL injection via the 'order' parameter in the get_results function. • https://wordpress.org/plugins/simple-login-log/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18514 – Simple Login Log < 1.1.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2017-18514
The simple-login-log plugin before 1.1.2 for WordPress has SQL injection. El plugin simple-login-log versiones anteriores a 1.1.2 para WordPress, presenta una inyección SQL. The simple-login-log plugin before 1.1.2 for WordPress has SQL injection via the 'orderby' parameter in the get_results function. • https://wordpress.org/plugins/simple-login-log/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 1%CPEs: 2EXPL: 4CVE-2011-4618 – Advanced Text Widget <= 2.0.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-4618
Cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. Vulnerabilidad Cross-site scripting (XSS) en advancedtext.php en el plugin Advanced Text Widget anterior a v2.0.2 para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro "page". • https://www.exploit-db.com/exploits/36324 http://archives.neohapsis.com/archives/bugtraq/2012-04/0119.html http://plugins.trac.wordpress.org/changeset?reponame=&new=466102%40advanced-text-widget&old=465828%40advanced-text-widget http://wordpress.org/extend/plugins/advanced-text-widget/changelog http://wordpress.org/support/topic/wordpress-advanced-text-widget-plugin-cross-site-scripting-vulnerabilities http://www.openwall.com/lists/oss-security/2011/12/19/6 http://www.securityfocus.com/archive/1/520589 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •