Description
Several vulnerabilities have been identified in third-party plugins for WordPress:

- Several SQL injections in Mail Masta:
  * CVE-2017-6095: HTTP GET request via the "list_id" parameter (unauthenticated)
  * CVE-2017-6096: HTTP GET request via the "filter_list" parameter (admin rights needed)
  * CVE-2017-6097: HTTP POST request via the "camp_id" parameter (admin rights needed)
  * CVE-2017-6098: HTTP POST request via the "list_id" parameter (admin rights needed)
- RockHoist Badges: stored cross-site scripting
- ByREV WP-PICShield: cross-site request forgery
- AnyVar: stored cross-site scripting
- Democracy Poll: cross-site scripting and cross-site request forgery
- GTranslate: unauthenticated open redirect

Proofs of concept are available.