48 matches found
CVE-2014-9570
CVE-2014-9570 corresponds to two cross-site scripting (XSS) vulnerabilities in the Simple Security WordPress Plugin (MyWebsiteAdvisor), affected versions 1.1.5 and earlier. The flaws arise from insufficient input sanitization of user-supplied data, specifically the datefilter parameter on /wp-adm...
WordPress Simple Security 1.1.5 Cross Site Scripting Vulnerability
WordPress Simple Security plugin version 1.1.5 suffers from a cross site scripting vulnerability. Product: Simple Security WordPress Plugin Vendor: MyWebsiteAdvisor Vulnerable Versions: 1.1.5 and probably prior Tested Version: 1.1.5 Advisory Publication: December 17, 2014 without technical detail...
Simple Security <= 1.1.5 - 2 x Cross-Site Scripting (XSS)
The Simple Security WordPress plugin was affected by a 2 x Cross-Site Scripting XSS security vulnerability...
WordPress Simple Security 1.1.5 Cross Site Scripting
Advisory ID: HTB23244 Product: Simple Security WordPress Plugin Vendor: MyWebsiteAdvisor Vulnerable Versions: 1.1.5 and probably prior Tested Version: 1.1.5 Advisory Publication: December 17, 2014 without technical details Vendor Notification: December 17, 2014 Public Disclosure: January 14, 2015...
WordPress Simple Security Plugin <= 1.1.5 - Multiple XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the 1 "datefilter" parameter in the accesslog page to wp-admin/users.php. Solution Update the plugin...
Two XSS vulnerabilities in Simple Security WordPress Plugin
High-Tech Bridge Security Research Lab discovered two XSS vulnerabilities in Simple Security WordPress plugin, which can be exploited to perform Cross-Site Scripting attacks against administrators of WP websites with the vulnerable plugin. 1 Two Cross-Site Scripting XSS Vulnerabilities in Simple...
Security: Invalid EJB caller role check implementation
It was found that the isCallerInRole method of the SimpleSecurityManager did not correctly check caller roles. A remote, authenticated attacker could use this flaw to circumvent the caller check in applications that use black list access control based on caller roles...
Security: Invalid EJB caller role check implementation
It was found that the isCallerInRole method of the SimpleSecurityManager did not correctly check caller roles. A remote, authenticated attacker could use this flaw to circumvent the caller check in applications that use black list access control based on caller roles...