Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-14 | CVE-2017-1002018 | SQL Injection vulnerability in Eventr Project Eventr 1.02.2 Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and attendees.php code do not sanitize input, this allows for blind SQL injection via the event parameter. | 7.5 |
2017-09-14 | CVE-2017-1002016 | Unrestricted Upload of File with Dangerous Type vulnerability in Flickr Picture Backup Project Flickr Picture Backup 0.7 Vulnerability in wordpress plugin flickr-picture-backup v0.7, The code in flickr-picture-download.php doesn't check to see if the user is authenticated or that they have permission to upload files. | 7.5 |
2017-09-14 | CVE-2017-1002015 | SQL Injection vulnerability in Anblik Image-Gallery-With-Slideshow 1.5.2 Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via selectMulGallery parameter. | 7.5 |
2017-09-14 | CVE-2017-1002014 | SQL Injection vulnerability in Anblik Image-Gallery-With-Slideshow 1.5.2 Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via gallery_name parameter. | 7.5 |
2017-09-14 | CVE-2017-1002013 | SQL Injection vulnerability in Anblik Image-Gallery-With-Slideshow 1.5.2 Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection via imgid parameter in image-gallery-with-slideshow/admin_setting.php. | 7.5 |
2017-09-14 | CVE-2017-1002012 | SQL Injection vulnerability in Anblik Image-Gallery-With-Slideshow 1.5.2 Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, In image-gallery-with-slideshow/admin_setting.php the following snippet of code does not sanitize input via the gid variable before passing it into an SQL statement. | 7.5 |
2017-09-14 | CVE-2017-1002010 | SQL Injection vulnerability in Ontraport Membership Simplified 1.58 Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete_media function. | 7.5 |
2017-09-14 | CVE-2017-1002009 | SQL Injection vulnerability in Ontraport Membership Simplified 1.58 Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete function. | 7.5 |
2017-09-14 | CVE-2017-1002008 | Unrestricted Upload of File with Dangerous Type vulnerability in Membership Simplified Project Membership Simplified 1.58 Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located membership-simplified-for-oap-members-only/download.php does not check whether a user is logged in and has download privileges. | 7.5 |
2017-09-14 | CVE-2017-1002003 | Unrestricted Upload of File with Dangerous Type vulnerability in Wp2Android-Turn-Wp-Site-Into-Android-App Project Wp2Android-Turn-Wp-Site-Into-Android-App 1.1.4 Vulnerability in wordpress plugin wp2android-turn-wp-site-into-android-app v1.1.4, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com. | 7.5 |