2 matches found
CVE-2014-5389
Content Audit WordPress plugin (before 1.6.1) contains a blind SQL injection in content-audit-schedule.php. An attacker can modify the Audited content types option to inject SQL that runs, e.g., via daily wp-cron, potentially exfiltrating data (e.g., password hashes). Affected versions: ≤1.6.1; r...
CVE-2017-18560
The CVE-2017-18560 issue concerns the WordPress Content Audit plugin (before 1.9.2). The Red Hat/NVD/CNVD entries confirm a Cross-Site Scripting (XSS) vulnerability in this plugin. Affected component: content-audit plugin for WordPress; root cause: XSS in the plugin prior to version 1.9.2. Impact...