Lucene search
K

48 matches found

CVE
CVE
added 2015/01/15 3:0 p.m.65 views

CVE-2014-9570

CVE-2014-9570 corresponds to two cross-site scripting (XSS) vulnerabilities in the Simple Security WordPress Plugin (MyWebsiteAdvisor), affected versions 1.1.5 and earlier. The flaws arise from insufficient input sanitization of user-supplied data, specifically the datefilter parameter on /wp-adm...

4.3CVSS5.8AI score0.01618EPSS
Exploits3References2Affected Software1
0day.today
0day.today
added 2015/01/15 12:0 a.m.64 views

WordPress Simple Security 1.1.5 Cross Site Scripting Vulnerability

WordPress Simple Security plugin version 1.1.5 suffers from a cross site scripting vulnerability. Product: Simple Security WordPress Plugin Vendor: MyWebsiteAdvisor Vulnerable Versions: 1.1.5 and probably prior Tested Version: 1.1.5 Advisory Publication: December 17, 2014 without technical detail...

4.3CVSS5.9AI score0.01618EPSS
Exploits3
WPVulnDB
WPVulnDB
added 2015/01/14 3:31 p.m.30 views

Simple Security <= 1.1.5 - 2 x Cross-Site Scripting (XSS)

The Simple Security WordPress plugin was affected by a 2 x Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.5AI score0.01618EPSS
Exploits3References3Affected Software1
Packet Storm
Packet Storm
added 2015/01/14 12:0 a.m.77 views

WordPress Simple Security 1.1.5 Cross Site Scripting

Advisory ID: HTB23244 Product: Simple Security WordPress Plugin Vendor: MyWebsiteAdvisor Vulnerable Versions: 1.1.5 and probably prior Tested Version: 1.1.5 Advisory Publication: December 17, 2014 without technical details Vendor Notification: December 17, 2014 Public Disclosure: January 14, 2015...

4.3CVSS6.5AI score0.01618EPSS
Exploits3
Patchstack
Patchstack
added 2015/01/07 12:0 a.m.37 views

WordPress Simple Security Plugin <= 1.1.5 - Multiple XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the 1 "datefilter" parameter in the accesslog page to wp-admin/users.php. Solution Update the plugin...

4.3CVSS2.7AI score0.01618EPSS
Exploits3References1Affected Software1
htbridge
htbridge
added 2014/12/17 12:0 a.m.51 views

Two XSS vulnerabilities in Simple Security WordPress Plugin

High-Tech Bridge Security Research Lab discovered two XSS vulnerabilities in Simple Security WordPress plugin, which can be exploited to perform Cross-Site Scripting attacks against administrators of WP websites with the vulnerable plugin. 1 Two Cross-Site Scripting XSS Vulnerabilities in Simple...

2.6CVSS0.3AI score0.01618EPSS
Exploits3Affected Software1
RedHat Linux
RedHat Linux
added 2014/08/06 3:6 p.m.7 views

Security: Invalid EJB caller role check implementation

It was found that the isCallerInRole method of the SimpleSecurityManager did not correctly check caller roles. A remote, authenticated attacker could use this flaw to circumvent the caller check in applications that use black list access control based on caller roles...

4.9CVSS5.7AI score0.01681EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2014/08/06 2:52 p.m.3 views

Security: Invalid EJB caller role check implementation

It was found that the isCallerInRole method of the SimpleSecurityManager did not correctly check caller roles. A remote, authenticated attacker could use this flaw to circumvent the caller check in applications that use black list access control based on caller roles...

4.9CVSS5.7AI score0.01681EPSS
Exploits0References4
Rows per page
Query Builder