SQL injection vulnerability in wp-download_monitor/download.php in the Download Monitor 2.0.6 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.5
EPSS Score
0.14%
Published
2008-04-30
Updated
2017-08-08
SQL injection vulnerability in ss_load.php in the Spreadsheet (wpSS) 0.6 and earlier plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter.
Max CVSS
7.5
EPSS Score
0.09%
Published
2008-04-27
Updated
2017-09-29
The cookie authentication method in WordPress 2.5 relies on a hash of a concatenated string containing USERNAME and EXPIRY_TIME, which allows remote attackers to forge cookies by registering a username that results in the same concatenated string, as demonstrated by registering usernames beginning with "admin" to obtain administrator privileges, aka a "cryptographic splicing" issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-6013.
Max CVSS
7.5
EPSS Score
1.24%
Published
2008-04-28
Updated
2018-10-11
SQL injection vulnerability in wp-download.php in the WP-Download 1.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the dl_id parameter.
Max CVSS
7.5
EPSS Score
0.06%
Published
2008-04-02
Updated
2017-09-29
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!