7 matches found
CVE-2016-10898
The total-security plugin before 3.4.1 for WordPress has XSS...
EUVD-2016-1892
Malware in sbrugna...
WordPress total-security plugin input validation error vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. total-security is a website security vulnerability scanning plugin used in it. An input validation error vulnerability exists in the...
WordPress total-security plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. total-security is a website security vulnerability scanning plugin used in it. A cross-site scripting vulnerability exists in the...
CVE-2016-10898
The total-security plugin before 3.4.1 for WordPress has XSS...
CVE-2016-10899
The total-security plugin before 3.4.1 for WordPress has a settings-change vulnerability...
WordPress Total Security plugin <= 3.4 - Persistent Cross-Site Scripting (XSS) Vulnerability
With the 404 log feature is enabled, the function getRefe doesn't sanitize $SERVER'HTTPREFERER'. When the output is shown - the referer is not escaped. Solution Update the plugin...