CVE-2018-5373 – Smooth Slider < 2.8.7 - Authenticated SQL Injection
https://notcve.org/view.php?id=CVE-2018-5373
The Smooth Slider plugin through 2.8.6 for WordPress has SQL Injection via smooth-slider.php (trid parameter). El plugin Smooth Slider hasta la versión 2.8.6 para WordPress tiene inyección SQL mediante smooth-slider.php (parámetro trid). • http://www.defensecode.com/advisories/DC-2018-01-004_WordPress_Smooth_Slider_Plugin_Advisory.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2015-9454 – Smooth Slider < 2.7 - Authenticated SQL Injection
https://notcve.org/view.php?id=CVE-2015-9454
The smooth-slider plugin before 2.7 for WordPress has SQL Injection via the wp-admin/admin.php?page=smooth-slider-admin current_slider_id parameter. El plugin smooth-slider versiones anteriores a 2.7 para WordPress, presenta una inyección SQL por medio del parámetro current_slider_id de wp-admin/admin.php?page=smooth-slider-admin. The Smooth Slider plugin before 2.7 for WordPress has SQL Injection via the wp-admin/admin.php? • http://cinu.pl/research/wp-plugins/mail_36e814da6ac4dd903be2c77cfbdd0afd.html https://wordpress.org/plugins/smooth-slider/#developers https://wpvulndb.com/vulnerabilities/8284 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •