News Manager Security Vulnerabilities
Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to....
9.8CVSS
9.4AI Score
0.004EPSS
SQL injection vulnerability in news_detail.php in Virtue News Manager allows remote attackers to execute arbitrary SQL commands via the nid...
8.7AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in news_detail.php in Virtue News Manager allows remote attackers to inject arbitrary web script or HTML via the nid...
5.9AI Score
0.001EPSS
Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute News Manager XE 3.2 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) pblname and (2) text parameters to (a) admin/search.asp, (3) name parameter to (b) admin/publishers.asp, and other.....
5.5AI Score
0.001EPSS
SQL injection vulnerability in search.asp in Xigla Absolute News Manager XE 3.2 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby...
8AI Score
0.002EPSS
News Manager 2.0 allows remote attackers to bypass restrictions and obtain sensitive information via a direct request to (1) db/connect_str.php and (2)...
6.3AI Score
0.005EPSS
Directory traversal vulnerability in attachments.php in News Manager 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id...
6.7AI Score
0.003EPSS
Multiple SQL injection vulnerabilities in News Manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) lang parameter to (a) advsearch.php, (b) archive.php, and (c) index.php, and the (2) pid parameter to (d)...
8.5AI Score
0.001EPSS
PHP remote file inclusion vulnerability in ch_readalso.php in News Manager 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the read_xml_include...
7.5AI Score
0.006EPSS
Directory traversal vulnerability in includes/footer.php in News Manager Deluxe (NMDeluxe) 1.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template...
7.1AI Score
0.03EPSS
Multiple cross-site scripting (XSS) vulnerabilities in built2go News Manager Blog 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) uid, and (3) nid parameters to (a) news.php, and the nid parameter to (b)...
5.8AI Score
0.006EPSS
SQL injection vulnerability in articles.asp in Expinion.net iNews (1) Publisher (iNP) 2.5 and earlier, and possibly (2) News Manager, allows remote attackers to execute arbitrary SQL commands via the ex parameter. NOTE: early reports of this issue reported it as XSS, but this was erroneous. The...
8.8AI Score
0.005EPSS
Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) catID parameter to activeNews_categories.asp, the (2) articleID parameter to activeNews_comments.asp, or the (3) query parameter to...
8.5AI Score
0.007EPSS
Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) articleID parameter to activenews_view.asp or the (2) page parameter to default.asp. NOTE: the activeNews_categories.asp and activeNews_comments.asp vectors are...
8.9AI Score
0.007EPSS
Cross-site scripting (XSS) vulnerability in activenews_search.asp in ActiveNews Manager allows remote attackers to inject arbitrary web script or HTML via the query...
5.9AI Score
0.001EPSS
SQL injection vulnerability in Pre News Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) index.php, and the (2) nid parameter to (b) news_detail.php, (c) email_story.php, (d) thankyou.php, (e) printable_view.php, (f) tella_friend.php, and (g)...
8AI Score
0.019EPSS
Multiple cross-site scripting (XSS) vulnerabilities in Pre News Manager 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) index.php, and the (2) nid parameter to (b) news_detail.php, (c) email_story.php, (d) thankyou.php, (e) printable_view.php, (f).....
5.7AI Score
0.017EPSS
SQL injection vulnerability in phpWordPress PHP News and Article Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) poll and (2) category parameters to index.php, and (3) the ctg parameter in an archive...
8.9AI Score
0.009EPSS
SQL injection vulnerability in admin/login.asp in Active News Manager allows remote attackers to execute arbitrary SQL commands via the...
8.8AI Score
0.003EPSS
SQL injection vulnerability in admin_login.asp for ASP Virtual News Manager allows remote attackers to execute arbitrary SQL commands via the password...
9AI Score
0.002EPSS
Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow remote attackers to execute arbitrary SQL code via the (1) ID parameter to more.asp, (2) ID parameter to category_news.asp, or (3) filter parameter to...
8.8AI Score
0.007EPSS
News Manager Lite 2.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN parameter in the NEWS_LOGIN...
7.5AI Score
0.021EPSS
Multiple cross-site scripting (XSS) vulnerabilities in News Manager Lite 2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to comment_add.asp, (2) search parameter to search.asp, or (3) n parameter to...
6AI Score
0.006EPSS