6 matches found
WP User Frontend < 3.5.25 - Admin+ SQL Injection
The plugin does not validate and escape the postid parameter from the Subscribers list before using it in a SQL statement, leading to an SQL injection. PoC: https://example.com/wp-admin/edit.php?posttype=wpufsubscription=wpufsubscribersID=1+AND+%28SELECT+42+FROM+%28SELECT%28SLEEP%285%29%29%29b%29...
CMP - Coming Soon & Maintenance < 3.8.2 - Improper Access Controls on AJAX Calls
Some of the AJAX calls from the plugin do not properly check for capabilities and CSRF tokens, leading to issues such as arbitrary post read, subscribers list export and plugin deactivation...
Smart PHP Subscriber Disclosure
Title: Smart PHP Subscriber Multiple Disclosure Vulnerabilities Author: Milos Zivanovic Email: milosz.securityatgmail.com Date: 14. December 2009...
Smart PHP Subscriber Multiple Disclosure Vulnerabilities
No description provided by source. Title: Smart PHP Subscriber Multiple Disclosure Vulnerabilities Author: Milos Zivanovic Email: milosz.securityatgmail.com Date: 14. December 2009...
Smart PHP Subscriber Multiple Disclosure Vulnerabilities
Exploit for unknown platform in category web applications. Smart PHP Subscriber Multiple Disclosure Vulnerabilities...
Smart PHP Subscriber - Multiple Disclosure Vulnerabilities
Title: Smart PHP Subscriber Multiple Disclosure Vulnerabilities Author: Milos Zivanovic Email: milosz.securityatgmail.com Date: 14. December 2009...