Lucene search
K

110 matches found

WPVulnDB
WPVulnDB
added 2017/03/01 12:0 a.m.14 views

NewStatPress <= 1.2.4 - Stored Cross-Site Scripting (XSS)

The NewStatPress WordPress plugin was affected by a Stored Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.4AI score0.00915EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2017/03/01 12:0 a.m.8 views

WordPress Plugin NewStatPress 1.2.4 - Persistent Cross-Site Scripting (XSS) vulnerability

WordPress Plugin NewStatPress 1.2.4 has a persistent Cross-Site Scripting XSS vulnerability discovered on Summer Of Pwnage event Solution Update plugin to the latest version at least 1.2.5...

2.3AI score
Exploits0References2Affected Software1
0day.today
0day.today
added 2017/03/01 12:0 a.m.39 views

WordPress NewStatPress 1.2.4 Plugin - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Source: https://sumofpwn.nl/advisory/2016/persistentcrosssitescriptinginthewordpressnewstatpressplugin.html Abstract A persistent Cross-Site Scripting XSS vulnerability has been found in the WordPress NewStatPress plugin. By using this...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2017/03/01 12:0 a.m.26 views

WordPress Plugin NewStatPress 1.2.4 - Cross-Site Scripting

WordPress Plugin NewStatPress 1.2.4 - Cross-Site Scripting Source: https://sumofpwn.nl/advisory/2016/persistentcrosssitescriptinginthewordpressnewstatpressplugin.html Abstract A persistent Cross-Site Scripting XSS vulnerability has been found in the WordPress NewStatPress plugin. By using this...

Exploits0
Exploit DB
Exploit DB
added 2017/03/01 12:0 a.m.54 views

WordPress Plugin NewStatPress 1.2.4 - Cross-Site Scripting

Source: https://sumofpwn.nl/advisory/2016/persistentcrosssitescriptinginthewordpressnewstatpressplugin.html Abstract A persistent Cross-Site Scripting XSS vulnerability has been found in the WordPress NewStatPress plugin. By using this vulnerability an attacker can inject malicious JavaScript cod...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2015/08/31 12:0 a.m.31 views

WordPress NewStatPress Plugin 0.9.8 xss+sql注入

主题地址:https://wordpress.org/plugins/newstatpress/影响版本:0.9.8Active installs: 20,000+CVE: CVE-2015-4062, CVE-2015-40631)sql注入 CWE-89 CVE-2015-4062 CODE:includes/nspsearch.php:94for$i=1;$i=3;$i++ if$GET"what$i" != '' && $GET"where$i" != '' $where.=" AND ".$GET"where$i"." LIKE '%".$GET"what$i"."%'";...

6.5CVSS6.8AI score0.09183EPSS
Exploits7
Patchstack
Patchstack
added 2015/07/07 12:0 a.m.10 views

WordPress NewStatPress Plugin <= 1.0.4 - Reflected Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...

2.2AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/07/07 12:0 a.m.19 views

NewStatPress <= 1.0.4 - Reflected Cross-Site Scripting (XSS)

The NewStatPress plugin utilizes on lines 28 and 31 of the file ‘includes/nspsearch.php’ several variables from the $GET scope, without sanitation. While WordPress automatically escapes quotes on this scope, the outputs on these lines are outside of quotes, and as such can be utilized to trigger ...

4.3CVSS0.2AI score0.01879EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2015/07/07 12:0 a.m.13 views

WordPress NewStatPress Plugin <= 1.0.4 - SQL Injection

This plugin is prone to an SQL injection vulnerability. It allows attackers to inject arbitrary SQL commands. Solution Upgrade this plugin...

5.3AI score
Exploits0References1Affected Software1
wpexploit
wpexploit
added 2015/07/07 12:0 a.m.40 views

NewStatPress <= 1.0.4 - SQL Injection

The Search functionality is susceptible to a SQL Injection attack due to usage of user input without sanitation. In particular, at line 98 of 'includes/nspsearch.php'. Utilising a specially crafted SQL query, we can trigger disclosure of user hashes through an IMG tag as the data channel. The...

7.5CVSS0.2AI score0.01815EPSS
Exploits1References1
wpexploit
wpexploit
added 2015/07/07 12:0 a.m.37 views

NewStatPress <= 1.0.4 - Reflected Cross-Site Scripting (XSS)

The NewStatPress plugin utilizes on lines 28 and 31 of the file ‘includes/nspsearch.php’ several variables from the $GET scope, without sanitation. While WordPress automatically escapes quotes on this scope, the outputs on these lines are outside of quotes, and as such can be utilized to trigger ...

4.3CVSS0.5AI score0.01879EPSS
Exploits1References1
Patchstack
Patchstack
added 2015/06/30 12:0 a.m.6 views

WordPress NewStatPress Plugin <= 1.0.3 - Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Solution Update this plugin...

2AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/06/30 12:0 a.m.16 views

NewStatPress <= 1.0.3 - Unauthenticated Stored Cross-Site Scripting (XSS)

An insufficient user input validation of HTTP-Header: "Referer" results in a persistent XSS in the WordPress admin-panel. An attacker may be able to access any cookies, session tokens or other sensitive information retained by the browser and used with that site...

4.3CVSS2.9AI score0.00923EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/06/08 12:0 a.m.17 views

Newstatpress < 1.0.1 - SQL Injection

The NewStatPress WordPress plugin was affected by a SQL Injection security vulnerability...

7.5CVSS2.1AI score0.01815EPSS
Exploits0Affected Software1
NVD
NVD
added 2015/05/27 6:59 p.m.23 views

CVE-2015-4063

Cross-site scripting XSS vulnerability in includes/nspsearch.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nspsearch page to wp-admin/admin.php...

3.5CVSS5.3AI score0.06188EPSS
Exploits6References4
NVD
NVD
added 2015/05/27 6:59 p.m.19 views

CVE-2015-4062

SQL injection vulnerability in includes/nspsearch.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the where1 parameter in the nspsearch page to wp-admin/admin.php...

6.5CVSS7.9AI score0.09183EPSS
Exploits6References4
Prion
Prion
added 2015/05/27 6:59 p.m.16 views

Sql injection

SQL injection vulnerability in includes/nspsearch.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the where1 parameter in the nspsearch page to wp-admin/admin.php...

6.5CVSS8.5AI score0.09183EPSS
Exploits6References4Affected Software1
Prion
Prion
added 2015/05/27 6:59 p.m.19 views

Cross site scripting

Cross-site scripting XSS vulnerability in includes/nspsearch.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nspsearch page to wp-admin/admin.php...

3.5CVSS5.7AI score0.06188EPSS
Exploits6References4Affected Software1
Cvelist
Cvelist
added 2015/05/27 6:0 p.m.31 views

CVE-2015-4062

SQL injection vulnerability in includes/nspsearch.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the where1 parameter in the nspsearch page to wp-admin/admin.php...

7.9AI score0.09183EPSS
Exploits6References4
Cvelist
Cvelist
added 2015/05/27 6:0 p.m.27 views

CVE-2015-4063

Cross-site scripting XSS vulnerability in includes/nspsearch.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nspsearch page to wp-admin/admin.php...

5.3AI score0.06188EPSS
Exploits6References4
Rows per page
Query Builder