6 matches found
WordPress NewStatPress Plugin 0.9.8 XSS + SQL Injection
Plugin URL: https://wordpress.org/plugins/newstatpress/ Affected version: 0.9.8 Active installs: 20,000+ CVE: CVE-2015-4062, CVE-2015-4063 1) SQL injection CWE-89 CVE-2015-4062 CODE: includes/nsp_search.php:94 for($i=1;$i<=3;$i++) { if(($_GET["what$i"] != '') && ($_GET["where$i"] != '')) { $where.=" AND ".$_GET["where$i"]." LIKE '%".$_GET["what$i"]."%'"; ...
CVE-2015-4063
Summary (CVE-2015-4063): WordPress plugin NewStatPress (before 0.9.9) contains a cross-site scripting (XSS) flaw in includes/nsp_search.php. The vulnerability allows remote authenticated users to inject arbitrary script/HTML via the where1 parameter on the nsp_search page (to wp-admin/admin.php)....
WordPress Plugin NewStatPress 0.9.8 - Multiple Vulnerabilities
WordPress Plugin NewStatPress 0.9.8 - Multiple Vulnerabilities Title: Multiple vulnerabilities in WordPress plugin "NewStatPress" Author: Adrián M. F. - adrimf85atgmaildotcom Date: 2015-05-25 Vendor Homepage: https://wordpress.org/plugins/newstatpress/ Active installs: 20,000+ Vulnerable version:...
WordPress NewStatPress 0.9.8 Cross Site Scripting / SQL Injection Vulnerabilities
WordPress NewStatPress plugin version 0.9.8 suffers from cross site scripting and remote SQL injection vulnerabilities. Title: Multiple vulnerabilities in WordPress plugin "NewStatPress" Author: Adrián M. F. - adrimf85atgmaildotcom Date: 2015-05-25 Vendor Homepage:...
WordPress Plugin NewStatPress 0.9.8 - Multiple Vulnerabilities
Title: Multiple vulnerabilities in WordPress plugin "NewStatPress" Author: Adrián M. F. - adrimf85atgmaildotcom Date: 2015-05-25 Vendor Homepage: https://wordpress.org/plugins/newstatpress/ Active installs: 20,000+ Vulnerable version: 0.9.8 Fixed version: 0.9.9 CVE: CVE-2015-4062, CVE-2015-4063...
WordPress NewStatPress 0.9.8 Cross Site Scripting / SQL Injection
Title: Multiple vulnerabilities in WordPress plugin "NewStatPress" Author: Adrián M. F. - adrimf85atgmaildotcom Date: 2015-05-25 Vendor Homepage: https://wordpress.org/plugins/newstatpress/ Active installs: 20,000+ Vulnerable version: 0.9.8 Fixed version: 0.9.9 CVE: CVE-2015-4062, CVE-2015-4063...