Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-03-12 CVE-2017-6816 Incorrect Authorization vulnerability in multiple products
In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality.
network
low complexity
wordpress debian CWE-863
4.9
4.9
2017-03-12 CVE-2017-6815 Improper Input Validation vulnerability in multiple products
In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation.
network
low complexity
wordpress debian CWE-20
6.1
6.1
2017-03-12 CVE-2017-6814 Cross-site Scripting vulnerability in multiple products
In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata.
network
low complexity
wordpress debian CWE-79
5.4
5.4
2017-03-11 CVE-2017-6812 Cross-site Scripting vulnerability in Mangoswebv4 Project Mangoswebv4 4.0.8
paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.vote.php (id parameter).
network
low complexity
mangoswebv4-project CWE-79
6.1
6.1
2017-03-11 CVE-2017-6811 Cross-site Scripting vulnerability in Mangoswebv4 Project Mangoswebv4 4.0.8
paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.shop.php (id parameter).
network
low complexity
mangoswebv4-project CWE-79
6.1
6.1
2017-03-11 CVE-2017-6810 Cross-site Scripting vulnerability in Mangoswebv4 Project Mangoswebv4 4.0.8
paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.fplinks.php (linkid parameter).
network
low complexity
mangoswebv4-project CWE-79
6.1
6.1
2017-03-11 CVE-2017-6809 Cross-site Scripting vulnerability in Mangoswebv4 Project Mangoswebv4 4.0.8
paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.donate.php (id parameter).
network
low complexity
mangoswebv4-project CWE-79
6.1
6.1
2017-03-11 CVE-2017-6808 Cross-site Scripting vulnerability in Mangoswebv4 Project Mangoswebv4 4.0.8
paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.faq.php (id parameter).
network
low complexity
mangoswebv4-project CWE-79
6.1
6.1
2017-03-11 CVE-2017-6513 Permission Issues vulnerability in Softaculous Whmcs Reseller Module 2.0.2
The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2.9.1.0 does not verify the user correctly, which allows remote authenticated users to control other virtual machines managed by Virtualizor by accessing a modified URL.
network
low complexity
softaculous CWE-275
critical
 9.9
9.9
2017-03-11 CVE-2017-6466 Improper Input Validation vulnerability in F-Secure Software Updater 2.20
F-Secure Software Updater 2.20, as distributed in several F-Secure products, downloads installation packages over plain http and does not perform file integrity validation after download.
network
high complexity
f-secure CWE-20
8.1
8.1