EUVD-2018-3605

Malware in sbrugna...

EUVD-2018-3655

Malware in sbrugna...

CVE-2018-11632

An issue was discovered in the MULTIDOTS Add Social Share Messenger Buttons Whatsapp and Viber plugin 1.0.8 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker via spear phishing/social engineering, the attacker can change the plugin settings via...

WordPress Woocommerce Category Banner Management Plugin <= 1.1.0 Unauthenticated Settings Change Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.112423";...

WordPress Advance Search for WooCommerce plugin cross-site scripting vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform using PHP language development, the platform supports in PHP and MySQL servers to set up a personal blog site.MULTIDOTS Advance Search for WooCommerce plugin is used in one of the e-commerce for the product search plugin. A...

WordPress MULTIDOTS WooCommerce Quick Reports Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site. MULTIDOTS WooCommerce Quick Reports plugin is used in one of the e-commerce order report generation plugin...

WordPress MULTIDOTS Mass Pages/Posts Creator Plugin Denial of Service Vulnerability

WordPress is the WordPress Software Foundation of a set of PHP language development of blogging platform , the platform supports PHP and MySQL server set up a personal blog site . MULTIDOTS Mass Pages/Posts Creator plugin is used in one of the bulk page creation plugin . A security vulnerability...

CVE-2018-11485

The MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and earlier for WordPress is vulnerable to Stored XSS. It allows an attacker to inject malicious JavaScript code on the WooCommerce - Orders admin page. The attack is possible by modifying the "referralsite" cookie to have an XSS payload, and...

CVE-2018-11485

The MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and earlier for WordPress is vulnerable to Stored XSS. It allows an attacker to inject malicious JavaScript code on the WooCommerce - Orders admin page. The attack is possible by modifying the "referralsite" cookie to have an XSS payload, and...

Cross site scripting

An issue was discovered in the MULTIDOTS Advance Search for WooCommerce plugin 1.0.9 and earlier for WordPress. This plugin is vulnerable to a stored Cross-site scripting XSS vulnerability. A non-authenticated user can save the plugin settings and inject malicious JavaScript code in the Custom CS...

CVE-2018-11486

Affected product: WordPress MULTIDOTS Advance Search for WooCommerce plugin (versions

CVE-2018-11485

The CVE-2018-11485 entry concerns the WordPress plugin MULTIDOTS WooCommerce Quick Reports (versions

CVE-2018-11633

An issue was discovered in the MULTIDOTS Woo Checkout for Digital Goods plugin 2.1 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker via spear phishing/social engineering, the attacker can change the plugin settings. The function...

Cross site request forgery (csrf)

An issue was discovered in the MULTIDOTS Woo Checkout for Digital Goods plugin 2.1 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker via spear phishing/social engineering, the attacker can change the plugin settings. The function...

Cross site request forgery (csrf)

An issue was discovered in the MULTIDOTS Add Social Share Messenger Buttons Whatsapp and Viber plugin 1.0.8 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker via spear phishing/social engineering, the attacker can change the plugin settings via...

CVE-2018-11632

The CVE-2018-11632 issue affects the WordPress plugin Add Social Share Messenger Buttons Whatsapp and Viber (version 1.0.8) by lack of nonce/capability checks in whatsapp_share_setting_add_update(), enabling CSRF to change settings when an admin visits a crafted URL via spear phishing/social engi...

CVE-2018-11632

An issue was discovered in the MULTIDOTS Add Social Share Messenger Buttons Whatsapp and Viber plugin 1.0.8 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker via spear phishing/social engineering, the attacker can change the plugin settings via...

CVE-2018-11633

The CVE-2018-11633 issue affects the MULTIDOTS Woo Checkout for Digital Goods plugin for WordPress (version 2.1). The vulnerability stems from the function woo_checkout_settings_page in class-woo-checkout-for-digital-goods-admin.php not validating CSRF against wp-admin/admin-post.php and lacking ...

CVE-2018-11579

class-woo-banner-management.php in the MULTIDOTS WooCommerce Category Banner Management plugin 1.1.0 for WordPress has an Unauthenticated Settings Change Vulnerability, related to certain wpajaxnopriv usage. Anyone can change the plugin's setting by simply sending a request with a...

CVE-2018-11579

The CVE-2018-11579 entry concerns the WordPress plugin MULTIDOTS WooCommerce Category Banner Management (version 1.1.0). The vulnerability is an Unauthenticated Settings Change via wp_ajax_nopriv_ usage, allowing an attacker to change plugin settings by sending a request with the wbm_save_shop_pa...