13 matches found
EUVD-2014-5080
Malware in sbrugna...
EUVD-2015-9231
Malware in sbrugna...
CVE-2015-9391
The yawpp plugin through 1.2.2 for WordPress has XSS via the field1 parameter...
CVE-2014-5182
Multiple SQL injection vulnerabilities in the yawpp plugin 1.2 for WordPress allow remote authenticated users with Contributor privileges to execute arbitrary SQL commands via vectors related to 1 adminfunctions.php or 2 adminupdate.php, as demonstrated by the id parameter in the update action to...
CVE-2015-9391
The yawpp plugin through 1.2.2 for WordPress has XSS via the field1 parameter...
Design/Logic Flaw
The yawpp plugin through 1.2.2 for WordPress has XSS via the field1 parameter...
CVE-2015-9391
CVE-2015-9391 affects the WordPress yawpp plugin up to version 1.2.2. The vulnerability is an XSS condition caused by the field1 parameter, reported as an unauthenticated stored XSS in multiple sources. Connected documents describe the issue as a stored XSS vector in yawpp, with PoCs indicating c...
CVE-2015-9391
The yawpp plugin through 1.2.2 for WordPress has XSS via the field1 parameter...
CVE-2014-5182
Multiple SQL injection vulnerabilities in the yawpp plugin 1.2 for WordPress allow remote authenticated users with Contributor privileges to execute arbitrary SQL commands via vectors related to 1 adminfunctions.php or 2 adminupdate.php, as demonstrated by the id parameter in the update action to...
Sql injection
Multiple SQL injection vulnerabilities in the yawpp plugin 1.2 for WordPress allow remote authenticated users with Contributor privileges to execute arbitrary SQL commands via vectors related to 1 adminfunctions.php or 2 adminupdate.php, as demonstrated by the id parameter in the update action to...
CVE-2014-5182
CVE-2014-5182 describes multiple SQL injection vulnerabilities in the yawpp WordPress plugin (version 1.2). The flaws are in admin_functions.php and admin_update.php, exploitable via the id parameter in the update action to wp-admin/admin.php, allowing remote authenticated users with Contributor ...
CVE-2014-5182
Multiple SQL injection vulnerabilities in the yawpp plugin 1.2 for WordPress allow remote authenticated users with Contributor privileges to execute arbitrary SQL commands via vectors related to 1 adminfunctions.php or 2 adminupdate.php, as demonstrated by the id parameter in the update action to...
WordPress YAWPP Plugin <= 1.2 - Multiple SQL Injection
Because of these vulnerabilities, remote authenticated users can execute arbitrary SQL commands via vectors related to adminfunctions.php. Solution Update the plugin...