Lucene search

6 matches found

seebug.org
added 2015/08/31 12:0 a.m. | 30 views

WordPress NewStatPress Plugin 0.9.8 XSS + SQL injection

Plugin URL: https://wordpress.org/plugins/newstatpress/ Affected version: 0.9.8 Active installs: 20,000+ CVE: CVE-2015-4062, CVE-2015-4063 1) SQL injection CWE-89 CVE-2015-4062 CODE: includes/nsp_search.php:94 for($i=1;$i<=3;$i++) if($_GET["what$i"] != '' && $_GET["where$i"] != '') $where.=" AND ".$_GET["where$i"]." LIKE '%".$_GET["what$i"]."%'";...

CVSS 6.5 | AI score 6.8 | EPSS 0.09183
Exploits: 7
CVE
added 2015/05/27 6:0 p.m. | 87 views

CVE-2015-4063

Summary (CVE-2015-4063): WordPress plugin NewStatPress (before 0.9.9) contains a cross-site scripting (XSS) flaw in includes/nsp_search.php. The vulnerability allows remote authenticated users to inject arbitrary script/HTML via the where1 parameter on the nsp_search page (to wp-admin/admin.php)....

CVSS 3.5 | AI score 5.4 | EPSS 0.06188
Exploits: 6 | References: 4 | Affected Software: 1
exploitpack
added 2015/05/26 12:0 a.m. | 20 views

WordPress Plugin NewStatPress 0.9.8 - Multiple Vulnerabilities

WordPress Plugin NewStatPress 0.9.8 - Multiple Vulnerabilities Title: Multiple vulnerabilities in WordPress plugin "NewStatPress" Author: Adrián M. F. - adrimf85atgmaildotcom Date: 2015-05-25 Vendor Homepage: https://wordpress.org/plugins/newstatpress/ Active installs: 20,000+ Vulnerable version:...

CVSS 6.5 | AI score 0.3 | EPSS 0.09183
Exploits: 7
0day.today
added 2015/05/26 12:0 a.m. | 50 views

WordPress NewStatPress 0.9.8 Cross Site Scripting / SQL Injection Vulnerabilities

WordPress NewStatPress plugin version 0.9.8 suffers from cross site scripting and remote SQL injection vulnerabilities. Title: Multiple vulnerabilities in WordPress plugin "NewStatPress" Author: Adrián M. F. - adrimf85atgmaildotcom Date: 2015-05-25 Vendor Homepage:...

CVSS 6.5 | AI score 0.1 | EPSS 0.09183
Exploits: 7
Exploit DB
added 2015/05/26 12:0 a.m. | 37 views

WordPress Plugin NewStatPress 0.9.8 - Multiple Vulnerabilities

Title: Multiple vulnerabilities in WordPress plugin "NewStatPress" Author: Adrián M. F. - adrimf85atgmaildotcom Date: 2015-05-25 Vendor Homepage: https://wordpress.org/plugins/newstatpress/ Active installs: 20,000+ Vulnerable version: 0.9.8 Fixed version: 0.9.9 CVE: CVE-2015-4062, CVE-2015-4063...

CVSS 6.5 | AI score 6.4 | EPSS 0.09183
Exploits: 7
Packet Storm
added 2015/05/25 12:0 a.m. | 44 views

WordPress NewStatPress 0.9.8 Cross Site Scripting / SQL Injection

Title: Multiple vulnerabilities in WordPress plugin "NewStatPress" Author: Adrián M. F. - adrimf85atgmaildotcom Date: 2015-05-25 Vendor Homepage: https://wordpress.org/plugins/newstatpress/ Active installs: 20,000+ Vulnerable version: 0.9.8 Fixed version: 0.9.9 CVE: CVE-2015-4062, CVE-2015-4063...

CVSS 6.5 | AI score 0.2 | EPSS 0.09183
Exploits: 7