Vulnerability in WordPress plugin wordpress-gallery-transformation v1.0: SQL injection in ./wordpress-gallery-transformation/gallery.php via the $jpic parameter, which is not sanitized before being passed into an SQL query.
Max CVSS
9.8
EPSS Score
0.21%
Published
2017-09-14
Updated
2017-09-20
Vulnerability in WordPress plugin rk-responsive-contact-form v1.0: the variable $delid isn't sanitized before being passed into an SQL query in file ./rk-responsive-contact-form/include/rk_user_list.php.
Max CVSS
9.8
EPSS Score
0.46%
Published
2017-09-14
Updated
2017-09-20
Vulnerability in WordPress plugin Easy Team Manager v1.3.2: the code does not sanitize id before making it part of an SQL statement in file ./easy-team-manager/inc/easy_team_manager_desc_edit.php.
Max CVSS
9.8
EPSS Score
0.17%
Published
2017-09-14
Updated
2017-09-21
Vulnerability in WordPress plugin surveys v1.01.8: the code in questions.php does not sanitize the survey variable before placing it inside of an SQL query.
Max CVSS
9.8
EPSS Score
0.46%
Published
2017-09-14
Updated
2017-09-18
Vulnerability in WordPress plugin surveys v1.01.8: the code in individual_responses.php does not sanitize the survey_id variable before placing it inside of an SQL query.
Max CVSS
9.8
EPSS Score
0.46%
Published
2017-09-14
Updated
2017-09-18
Vulnerability in WordPress plugin surveys v1.01.8: the code in survey_form.php does not sanitize the action variable before placing it inside of an SQL query.
Max CVSS
9.8
EPSS Score
0.46%
Published
2017-09-14
Updated
2017-09-19
Vulnerability in WordPress plugin eventr v1.02.2: the edit.php form and event_form.php code do not sanitize input, which allows for blind SQL injection via the event parameter.
Max CVSS
9.8
EPSS Score
0.15%
Published
2017-09-14
Updated
2017-09-18
Vulnerability in WordPress plugin eventr v1.02.2: the edit.php form and attendees.php code do not sanitize input, which allows for blind SQL injection via the event parameter.
Max CVSS
9.8
EPSS Score
0.15%
Published
2017-09-14
Updated
2017-09-18
Vulnerability in WordPress plugin flickr-picture-backup v0.7: the code in flickr-picture-download.php doesn't check to see if the user is authenticated or that they have permission to upload files.
Max CVSS
9.8
EPSS Score
0.20%
Published
2017-09-14
Updated
2019-12-11
Vulnerability in WordPress plugin image-gallery-with-slideshow v1.5.2: blind SQL injection in image-gallery-with-slideshow/admin_setting.php via the selectMulGallery parameter.
Max CVSS
9.8
EPSS Score
0.15%
Published
2017-09-14
Updated
2017-09-20
Vulnerability in WordPress plugin image-gallery-with-slideshow v1.5.2: blind SQL injection in image-gallery-with-slideshow/admin_setting.php via the gallery_name parameter.
Max CVSS
9.8
EPSS Score
0.15%
Published
2017-09-14
Updated
2017-09-20
Vulnerability in WordPress plugin image-gallery-with-slideshow v1.5.2: blind SQL injection via the imgid parameter in image-gallery-with-slideshow/admin_setting.php.
Max CVSS
9.8
EPSS Score
0.15%
Published
2017-09-14
Updated
2017-09-20
Vulnerability in WordPress plugin image-gallery-with-slideshow v1.5.2: in image-gallery-with-slideshow/admin_setting.php the following snippet of code does not sanitize input via the gid variable before passing it into an SQL statement.
Max CVSS
9.8
EPSS Score
0.21%
Published
2017-09-14
Updated
2019-10-03
Vulnerability in WordPress plugin Membership Simplified v1.58: the code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete_media function.
Max CVSS
9.8
EPSS Score
0.12%
Published
2017-09-14
Updated
2017-09-21
Vulnerability in WordPress plugin Membership Simplified v1.58: the code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete function.
Max CVSS
9.8
EPSS Score
0.12%
Published
2017-09-14
Updated
2017-09-21
Vulnerability in WordPress plugin membership-simplified-for-oap-members-only v1.58: the file download code located in membership-simplified-for-oap-members-only/download.php does not check whether a user is logged in and has download privileges.
Max CVSS
9.8
EPSS Score
3.87%
Published
2017-09-14
Updated
2019-12-11
Vulnerability in WordPress plugin wp2android-turn-wp-site-into-android-app v1.1.4: the plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.
Max CVSS
9.8
EPSS Score
2.96%
Published
2017-09-14
Updated
2017-09-27
Vulnerability in WordPress plugin webapp-builder v2.0: the plugin includes unlicensed vulnerable CMS software from http://www.invedion.com/
Max CVSS
9.8
EPSS Score
2.26%
Published
2017-09-14
Updated
2017-09-27
Vulnerability in WordPress plugin mobile-app-builder-by-wappress v1.05: the plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.
Max CVSS
9.8
EPSS Score
4.04%
Published
2017-09-14
Updated
2017-09-27
Vulnerability in WordPress plugin mobile-friendly-app-builder-by-easytouch v3.0: the code in file ./mobile-friendly-app-builder-by-easytouch/server/images.php doesn't require authentication or check that the user is allowed to upload content.
Max CVSS
9.8
EPSS Score
4.87%
Published
2017-09-14
Updated
2017-09-27
math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using Unicode characters when creating an object.
Max CVSS
9.8
EPSS Score
0.21%
Published
2017-11-27
Updated
2019-10-09
math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result in arbitrary execution.
Max CVSS
9.8
EPSS Score
0.36%
Published
2017-11-27
Updated
2019-10-09
The NetBSD qsort() function is recursive and not randomized; an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects NetBSD 7.1 and possibly earlier versions.
Max CVSS
9.8
EPSS Score
0.58%
Published
2017-06-19
Updated
2019-10-03
NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled; this allows attackers to more easily manipulate memory, leading to arbitrary code execution. This affects NetBSD 7.1 and possibly earlier versions.
Max CVSS
9.8
EPSS Score
2.47%
Published
2017-06-19
Updated
2017-08-12
A flaw exists in NetBSD's implementation of the stack guard page that allows attackers to bypass it, resulting in arbitrary code execution using certain setuid binaries. This affects NetBSD 7.1 and possibly earlier versions.
Max CVSS
9.8
EPSS Score
0.19%
Published
2017-06-19
Updated
2019-10-03