110 matches found
NewStatPress <= 1.2.4 - Stored Cross-Site Scripting (XSS)
The NewStatPress WordPress plugin was affected by a Stored Cross-Site Scripting XSS security vulnerability...
WordPress Plugin NewStatPress 1.2.4 - Persistent Cross-Site Scripting (XSS) vulnerability
WordPress Plugin NewStatPress 1.2.4 has a persistent Cross-Site Scripting XSS vulnerability discovered on Summer Of Pwnage event Solution Update plugin to the latest version at least 1.2.5...
WordPress NewStatPress 1.2.4 Plugin - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Source: https://sumofpwn.nl/advisory/2016/persistentcrosssitescriptinginthewordpressnewstatpressplugin.html Abstract A persistent Cross-Site Scripting XSS vulnerability has been found in the WordPress NewStatPress plugin. By using this...
WordPress Plugin NewStatPress 1.2.4 - Cross-Site Scripting
WordPress Plugin NewStatPress 1.2.4 - Cross-Site Scripting Source: https://sumofpwn.nl/advisory/2016/persistentcrosssitescriptinginthewordpressnewstatpressplugin.html Abstract A persistent Cross-Site Scripting XSS vulnerability has been found in the WordPress NewStatPress plugin. By using this...
WordPress Plugin NewStatPress 1.2.4 - Cross-Site Scripting
Source: https://sumofpwn.nl/advisory/2016/persistentcrosssitescriptinginthewordpressnewstatpressplugin.html Abstract A persistent Cross-Site Scripting XSS vulnerability has been found in the WordPress NewStatPress plugin. By using this vulnerability an attacker can inject malicious JavaScript cod...
WordPress NewStatPress Plugin 0.9.8 xss+sql注入
主题地址:https://wordpress.org/plugins/newstatpress/影响版本:0.9.8Active installs: 20,000+CVE: CVE-2015-4062, CVE-2015-40631)sql注入 CWE-89 CVE-2015-4062 CODE:includes/nspsearch.php:94for$i=1;$i=3;$i++ if$GET"what$i" != '' && $GET"where$i" != '' $where.=" AND ".$GET"where$i"." LIKE '%".$GET"what$i"."%'";...
WordPress NewStatPress Plugin <= 1.0.4 - Reflected Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...
NewStatPress <= 1.0.4 - Reflected Cross-Site Scripting (XSS)
The NewStatPress plugin utilizes on lines 28 and 31 of the file ‘includes/nspsearch.php’ several variables from the $GET scope, without sanitation. While WordPress automatically escapes quotes on this scope, the outputs on these lines are outside of quotes, and as such can be utilized to trigger ...
WordPress NewStatPress Plugin <= 1.0.4 - SQL Injection
This plugin is prone to an SQL injection vulnerability. It allows attackers to inject arbitrary SQL commands. Solution Upgrade this plugin...
NewStatPress <= 1.0.4 - SQL Injection
The Search functionality is susceptible to a SQL Injection attack due to usage of user input without sanitation. In particular, at line 98 of 'includes/nspsearch.php'. Utilising a specially crafted SQL query, we can trigger disclosure of user hashes through an IMG tag as the data channel. The...
NewStatPress <= 1.0.4 - Reflected Cross-Site Scripting (XSS)
The NewStatPress plugin utilizes on lines 28 and 31 of the file ‘includes/nspsearch.php’ several variables from the $GET scope, without sanitation. While WordPress automatically escapes quotes on this scope, the outputs on these lines are outside of quotes, and as such can be utilized to trigger ...
WordPress NewStatPress Plugin <= 1.0.3 - Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Solution Update this plugin...
NewStatPress <= 1.0.3 - Unauthenticated Stored Cross-Site Scripting (XSS)
An insufficient user input validation of HTTP-Header: "Referer" results in a persistent XSS in the WordPress admin-panel. An attacker may be able to access any cookies, session tokens or other sensitive information retained by the browser and used with that site...
Newstatpress < 1.0.1 - SQL Injection
The NewStatPress WordPress plugin was affected by a SQL Injection security vulnerability...
CVE-2015-4063
Cross-site scripting XSS vulnerability in includes/nspsearch.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nspsearch page to wp-admin/admin.php...
CVE-2015-4062
SQL injection vulnerability in includes/nspsearch.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the where1 parameter in the nspsearch page to wp-admin/admin.php...
Sql injection
SQL injection vulnerability in includes/nspsearch.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the where1 parameter in the nspsearch page to wp-admin/admin.php...
Cross site scripting
Cross-site scripting XSS vulnerability in includes/nspsearch.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nspsearch page to wp-admin/admin.php...
CVE-2015-4062
SQL injection vulnerability in includes/nspsearch.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the where1 parameter in the nspsearch page to wp-admin/admin.php...
CVE-2015-4063
Cross-site scripting XSS vulnerability in includes/nspsearch.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nspsearch page to wp-admin/admin.php...