4 matches found
CVE-2020-36875
AccessAlly WordPress plugin versions prior to 3.3.2 contain an unauthenticated arbitrary PHP code execution vulnerability in the Login Widget. The plugin processes the loginerror parameter as PHP code, allowing an attacker to supply and execute arbitrary PHP in the context of the WordPress web...
CVE-2020-36875 AccessAlly < 3.3.2 Unauthenticated Arbitrary PHP Code Execution
AccessAlly WordPress plugin versions prior to 3.3.2 contain an unauthenticated arbitrary PHP code execution vulnerability in the Login Widget. The plugin processes the loginerror parameter as PHP code, allowing an attacker to supply and execute arbitrary PHP in the context of the WordPress web...
ChanCMS /cms/article/update file SQL injection vulnerability
ChanCMS is a content management system. A SQL injection vulnerability exists in ChanCMS 3.3.2 and earlier versions, which originates from the lack of validation of the parameter cid in the file /cms/article/update for externally entered SQL statements. An attacker can exploit this vulnerability t...
PT-2020-14257 · Helm +2 · Helm +2
Name of the Vulnerable Software and Affected Versions: Helm versions prior to 2.16.11 Helm versions prior to 3.3.2 Description: The issue arises from improper sanitization of plugin names, allowing a malicious plugin author to use characters that could result in unexpected behavior. This could...