Lucene search

Webmaster-source Security Vulnerabilities

cve

CVE-2013-2700

Cross-site request forgery (CSRF) vulnerability in the Add/Edit page (adminmenus.php) in the WP125 plugin before 1.5.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that add or edit an ad via unspecified vectors.

7.4AI Score

0.003EPSS

2014-05-14 07:55 PM

cve

CVE-2015-9397

The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php deletegc XSS.

5.4CVSS

5.6AI Score

0.001EPSS

2019-09-20 04:15 PM

191

cve

CVE-2015-9398

The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php gcid SQL injection.

8.8CVSS

9.1AI Score

0.002EPSS

2019-09-20 04:15 PM

188

cve

CVE-2021-25073

The WP125 WordPress plugin before 1.5.5 does not have CSRF checks in various action, for example when deleting an ad, allowing attackers to make a logged in admin delete them via a CSRF attack

8.8CVSS

8.5AI Score

0.001EPSS

2022-01-24 08:15 AM