5 matches found
CVE-2014-8949
The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4wtrace parameter. NOTE: this can be leveraged with CVE-2014-8948 to allow remote attackers to execute code. NOTE: it is not clear...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote attackers to hijack the authentication of administrators for requests that with an unspecified impact via the i4wtrace parameter. NOTE: this can be leveraged with CVE-2014-89...
Code injection
The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4wtrace parameter. NOTE: this can be leveraged with CVE-2014-8948 to allow remote attackers to execute code. NOTE: it is not clear...
CVE-2014-8948
The CVE-2014-8948 entry concerns the WordPress iMember360 plugin, versions 3.8.012 through 3.9.001. The underlying issue is a Cross-site request forgery (CSRF) that allows remote attackers to hijack the authentication of administrators for requests sent with the i4w_trace parameter. The descripti...
EUVD-2014-8776
The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4wtrace parameter. NOTE: this can be leveraged with CVE-2014-8948 to allow remote attackers to execute code. NOTE: it is not clear...