CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-25618 – WordPress wpDataTables plugin <= 2.1.27 - Stored Cross-Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2022-25618
04 Apr 2022 — Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpDataTables (WordPress plugin) versions <= 2.1.27 Una vulnerabilidad de tipo Cross-Site Scripting (XSS) Autenticado (admin+) Almacenado en wpDataTables (plugin de WordPress) versiones anteriores a 2.1.27 incluyéndola The wpDataTables plugin <= 2.1.27 is vulnerable to authenticated (admin+) Stored Cross-Site Scripting • https://patchstack.com/database/vulnerability/wpdatatables/wordpress-wpdatatables-plugin-2-1-27-stored-cross-site-scripting-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6011 – wpDataTables Lite plugin <= 2.0.11 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-6011
16 Oct 2019 — Cross-site scripting vulnerability in wpDataTables Lite Version 2.0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de tipo cross-site scripting en wpDataTables Lite Versión 2.0.11 y anteriores, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de vectores no especificados. • http://jvn.jp/en/jp/JVN14776551/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6012 – wpDataTables Lite plugin <= 2.0.11 - SQL injection
https://notcve.org/view.php?id=CVE-2019-6012
16 Oct 2019 — SQL injection vulnerability in the wpDataTables Lite Version 2.0.11 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. La vulnerabilidad de inyección SQL en wpDataTables Lite Versión 2.0.11 y anteriores, permite a atacantes autenticados remotos ejecutar comandos SQL arbitrarios por medio de vectores no especificados. • http://jvn.jp/en/jp/JVN14776551/index.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •