Lucene search
K

115 matches found

Cvelist
Cvelist
added 2019/08/27 11:34 a.m.21 views

CVE-2015-9345

The link-log plugin before 2.0 for WordPress has HTTP Response Splitting...

7.6AI score0.01389EPSS
Exploits0References1
CVE
CVE
added 2019/08/27 11:34 a.m.44 views

CVE-2015-9345

CVE-2015-9345 concerns the WordPress plugin Link Log, where versions before 2.0 expose a vulnerability due to HTTP Response Splitting. The affected component is the Link Log plugin for WordPress; the root cause is improper handling/validation of input during command/log construction, enabling hea...

7.5CVSS7.6AI score0.01389EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/08/27 11:27 a.m.45 views

CVE-2015-9344

The CVE-2015-9344 affects the WordPress Link Log plugin prior to version 2.1, with an SQL injection vulnerability caused by lack of validation of externally supplied SQL statements. Public records (NVD/NIST) rate it as high/critical (CVSS2/HIGH, CVSS3/CRITICAL) and indicate network access with no...

9.8CVSS9.9AI score0.01795EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/08/27 11:27 a.m.16 views

CVE-2015-9344

The link-log plugin before 2.1 for WordPress has SQL injection...

10AI score0.01795EPSS
Exploits0References1
Prion
Prion
added 2019/08/22 1:15 p.m.8 views

Sql injection

The simple-login-log plugin before 1.1.2 for WordPress has SQL injection...

7.5CVSS9.9AI score0.01799EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/08/22 12:34 p.m.47 views

CVE-2017-18573

The CVE-2017-18573 entry concerns the WordPress plugin simple-login-log, vulnerable to SQL injection in versions before 1.1.2. The issue’s root cause is improper handling of SQL queries in the login-logging functionality, enabling an attacker to inject SQL commands. Several connected records (Red...

9.8CVSS9.9AI score0.01799EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/07/18 1:29 p.m.3 views

DEBIAN-CVE-2018-10871

389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently...

7.2CVSS7.1AI score0.01005EPSS
Exploits0References1
CVE
CVE
added 2018/04/06 4:0 p.m.38 views

CVE-2014-5072

CVE-2014-5072 affects the WP Security Audit Log WordPress plugin prior to version 1.2.5. The vulnerability is a cross-site request forgery (CSRF) that could allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. The public records in the connected sources ...

8.8CVSS8.9AI score0.00866EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2018/03/21 12:0 a.m.5 views

WordPress Activity Log Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation of a set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers set up a personal blog site. activity Log plugin is used in one of the log plugin. A cross-site scripting vulnerability exists in WordPress...

6.1CVSS6.1AI score0.0563EPSS
Exploits7References1
Prion
Prion
added 2018/03/15 5:29 p.m.15 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Activity Log plugin before 2.4.1 for WordPress allow remote attackers to inject arbitrary JavaScript or HTML via a title that is not escaped...

4.3CVSS6AI score0.0563EPSS
Exploits7References5Affected Software1
NVD
NVD
added 2018/03/15 5:29 p.m.29 views

CVE-2018-8729

Multiple cross-site scripting XSS vulnerabilities in the Activity Log plugin before 2.4.1 for WordPress allow remote attackers to inject arbitrary JavaScript or HTML via a title that is not escaped...

6.1CVSS6.1AI score0.0563EPSS
Exploits7References5
Vulnrichment
Vulnrichment
added 2018/03/15 5:0 p.m.15 views

CVE-2018-8729

Multiple cross-site scripting XSS vulnerabilities in the Activity Log plugin before 2.4.1 for WordPress allow remote attackers to inject arbitrary JavaScript or HTML via a title that is not escaped...

5.9AI score0.0563EPSS
Exploits7References5
CVE
CVE
added 2018/03/15 5:0 p.m.61 views

CVE-2018-8729

CVE-2018-8729 describes multiple Stored XSS flaws in the WordPress Activity Log plugin (aryo-activity-log) prior to 2.4.1. The vulnerability stems from unescaped post/title data stored in logs (e.g., get_the_title calls), allowing remote attackers to inject JavaScript/HTML. Public exploit routes ...

6.1CVSS6AI score0.0563EPSS
Exploits7References5Affected Software1
Patchstack
Patchstack
added 2016/07/11 12:0 a.m.7 views

WordPress Activity Log Plugin 2.3.1 - Persistent XSS

Because of this vulnerability, an attacker can inject malicious JavaScript code in to the application. Solution Upgrade the WordPress plugin to the newer stable and safe version...

2.9AI score
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2004/05/22 12:0 a.m.36 views

e107 web portal Referers HTTP Injection

Synopsis: All versions of e107 have a vulnerability that allows html tags and content to be posted to the stats page and to be listed under Referers and may also list a screen size that they wish. Description: All versions of e107 have a vulnerability that allows html tags and content to be poste...

7.1AI score
Exploits0
Rows per page
Query Builder