
32 matches found

Cvelist
added 2017/09/14 1:0 p.m. | 19 views

CVE-2017-1002006

Vulnerability in WordPress plugin DTracker v1.5. The code dtracker/save_contact.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table...

AI score 7.6 | EPSS 0.03232
Exploits: 1 | References: 3

CVE
added 2017/09/14 1:0 p.m. | 56 views

CVE-2017-1002007

CVE-2017-1002007 affects the WordPress DTracker plugin v1.5. The issue is in dtracker/save_mail.php, which does not verify that the user is authorized before inserting new contacts into wp_contact. The root cause is missing authorization checks, allowing an unauthenticated attempt to inject data ...

CVSS 7.5 | AI score 8 | EPSS 0.03232
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2017/09/14 1:0 p.m. | 21 views

CVE-2017-1002007

Vulnerability in WordPress plugin DTracker v1.5. The code dtracker/save_mail.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table...

AI score 7.6 | EPSS 0.03232
Exploits: 1 | References: 3

CVE
added 2017/09/14 1:0 p.m. | 62 views

CVE-2017-1002004

The CVE-2017-1002004 entry concerns the WordPress DTracker plugin (v1.5) with an SQL injection in dtracker/download.php where user input is not sanitized for the id parameter before appending to SQL queries. Public sources in the Connected documents describe multiple unauthenticated blind SQL inj...

CVSS 7.5 | AI score 8.1 | EPSS 0.03409
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2017/09/14 1:0 p.m. | 54 views

CVE-2017-1002006

Vulnerability in WordPress DTracker plugin v1.5 is caused by dtracker/save_contact.php failing to verify user authorization before inserting contacts into the wp_contact table. The issue enables unauthorized users to inject new contacts, potentially compromising site data. Connected sources corro...

CVSS 7.5 | AI score 8 | EPSS 0.03232
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2017/09/14 1:0 p.m. | 56 views

CVE-2017-1002005

CVE-2017-1002005 affects the WordPress DTracker plugin (v1.5): the delete.php path uses user input for contact_id directly in an SQL query without sanitization, enabling SQL injection. Connected documents corroborate a SQL injection vulnerability in DTracker 1.5, with multiple sources flagging un...

CVSS 7.5 | AI score 8.1 | EPSS 0.03189
Exploits: 1 | References: 3 | Affected Software: 1

CNVD
added 2017/03/20 12:0 a.m. | 2 views

WordPress DTracker plugin content injection vulnerability (CNVD-2017-03798)

WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; it supports setting up a personal blog site on a server running PHP and MySQL. A content injection vulnerability exists in the WordPress DTracker plugin, which stems from the program failing ...

CVSS 7.5 | AI score 7.8 | EPSS 0.03232
Exploits: 1 | References: 1

CNVD
added 2017/03/20 12:0 a.m. | 3 views

WordPress DTracker plugin content injection vulnerability

WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; it supports setting up a personal blog site on a server running PHP and MySQL. A content injection vulnerability exists in the WordPress DTracker plugin, which stems from the program failing ...

CVSS 7.5 | AI score 7.8 | EPSS 0.03232
Exploits: 1 | References: 1

CNVD
added 2017/03/13 12:0 a.m. | 5 views

WordPress Plugin DTracker SQL Injection Vulnerability

WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; it supports personal blog sites on servers running PHP and MySQL. DTracker is one of the plug-ins used to track site downloads. A SQL injection vulnerability exists in WordPress plugin...

CVSS 7.5 | AI score 7.8 | EPSS 0.03189
Exploits: 1 | References: 1

CNVD
added 2017/03/13 12:0 a.m. | 5 views

WordPress plugin DTracker SQL injection vulnerability (CNVD-2017-03688)

WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; it supports setting up personal blog sites on servers with PHP and MySQL. DTracker is one of the plugins used to track site downloads. A SQL injection vulnerability exists in...

CVSS 7.5 | AI score 7.8 | EPSS 0.03409
Exploits: 1 | References: 1

WPVulnDB
added 2017/03/13 12:0 a.m. | 23 views

Dtracker <= 1.5 - Unauthorised Contract Creation

Plugin is still affected and has been closed...

CVSS 5 | AI score 3.2 | EPSS 0.03232
Exploits: 2 | References: 2 | Affected Software: 1

WPVulnDB
added 2017/03/09 12:0 a.m. | 29 views

DTracker 1.5 - Multiple Unauthenticated Blind SQL Injections

The dtracker WordPress plugin was affected by a Multiple Unauthenticated Blind SQL Injections security vulnerability...

CVSS 5 | AI score 3 | EPSS 0.03409
Exploits: 2 | References: 3 | Affected Software: 1