Show filters
51 Total Results
Displaying 41-50 of 51
Sort by:
Attacker Value
Unknown

CVE-2015-9368

Disclosure Date: August 28, 2019 (last updated November 27, 2024)
Easy EU Value Added (VAT) Taxes Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
0
0
Attacker Value
Unknown

CVE-2015-9363

Disclosure Date: August 28, 2019 (last updated November 27, 2024)
iThemes Exchange before 1.12.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
0
0
Attacker Value
Unknown

CVE-2015-9367

Disclosure Date: August 28, 2019 (last updated November 27, 2024)
Easy Canadian Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
0
0
Attacker Value
Unknown

CVE-2015-9365

Disclosure Date: August 28, 2019 (last updated November 27, 2024)
Authorize.net Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
0
0
Attacker Value
Unknown

CVE-2015-9366

Disclosure Date: August 28, 2019 (last updated November 27, 2024)
Custom URL Tracking Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
0
0
Attacker Value
Unknown

CVE-2018-12636

Disclosure Date: June 22, 2018 (last updated November 08, 2023)
The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page.
0
0
Attacker Value
Unknown

CVE-2018-7433

Disclosure Date: March 02, 2018 (last updated November 26, 2024)
The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping for the logs page.
0
0
Attacker Value
Unknown

CVE-2013-2743

Disclosure Date: April 02, 2013 (last updated October 05, 2023)
importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress allows remote attackers to bypass authentication via a crafted integer in the step parameter.
0
0
Attacker Value
Unknown

CVE-2013-2742

Disclosure Date: April 02, 2013 (last updated October 05, 2023)
importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not reliably delete itself after completing a restore operation, which makes it easier for remote attackers to obtain access via subsequent requests to this script.
0
0
Attacker Value
Unknown

CVE-2013-2741

Disclosure Date: April 02, 2013 (last updated October 05, 2023)
importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not require that authentication be enabled, which allows remote attackers to obtain sensitive information, or overwrite or delete files, via vectors involving a (1) direct request, (2) step=1 request, (3) step=2 or step=3 request, or (4) step=7 request.
0
0
View More Topics  < Previous  Next >