Lucene search
K

4 matches found

Patchstack
Patchstack
added 2019/07/02 12:0 a.m.18 views

WordPress Widget Logic plugin <= 5.9.0 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability that leads to Remote Code Execution RCE found by Paul Dannewitz in WordPress Widget Logic plugin versions = 5.9.0. Solution Update the WordPress Widget Logic plugin to the latest available version at least 5.10.2...

8.8CVSS4.4AI score0.0111EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2019/01/28 12:0 a.m.25 views

WordPress Yet Another Stars Rating plugin <= 1.8.6 - PHP Object Injection vulnerability

PHP Object Injection vulnerability found by Paul Dannewitz in WordPress Yet Another Stars Rating plugin versions = 1.8.6. Solution Update the WordPress Yet Another Stars Rating plugin to the latest available version at least 1.8.7...

3.2AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2017/09/18 12:0 a.m.10 views

WordPress SQL Shortcode plugin <=1.1 - Authenticated SQL Execution vulnerability

Authenticated SQL Execution vulnerability found by Paul Dannewitz in WordPress SQL Shortcode plugin version 1.1 and earlier versions. This vulnerability allows users with low privileges to execute SQL. Solution SQL Shortcode plugin removed from WordPress plugin repository. Use plugin with caution...

4.5AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 2017/08/16 12:0 a.m.20 views

WordPress AddToAny Share Buttons plugin <=1.7.14 - Conditional Host Header Injection vulnerability

Conditional Host Header Injection vulnerability found by Paul Dannewitz in WordPress AddToAny Share Buttons plugin. Vulnerable plugin version used Host header instead of homeurl thus allows custom Hostheader injection by crafted link, web cache poisoning and it may end up with sharing malicious...

1.8AI score
Exploits0Affected Software1
Rows per page
Query Builder