Vulnerabilities > Ostenta > Yawpp
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-09-20 | CVE-2015-9391 | Cross-site Scripting vulnerability in Ostenta Yawpp The yawpp plugin through 1.2.2 for WordPress has XSS via the field1 parameter. | 4.3 |
2014-08-06 | CVE-2014-5182 | SQL Injection vulnerability in Ostenta Yawpp 1.2 Multiple SQL injection vulnerabilities in the yawpp plugin 1.2 for WordPress allow remote authenticated users with Contributor privileges to execute arbitrary SQL commands via vectors related to (1) admin_functions.php or (2) admin_update.php, as demonstrated by the id parameter in the update action to wp-admin/admin.php. | 6.0 |