3 matches found
EUVD-2013-5511
Malware in sbrugna...
Sql injection
SQL injection vulnerability in testimonial.php in the IndiaNIC Testimonial plugin 2.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the customquery parameter in a testimonialadd action to wp-admin/admin-ajax.php...
CVE-2013-5672
Multiple cross-site request forgery CSRF vulnerabilities in the IndiaNIC Testimonial plugin 2.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 add a testimonial via an iNICtestimonialsave action; 2 add a listing template via an...