ning1022/cve

Releases0

cve

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2017-12199 ↗	Aug 2, 2017Wednesday, 2 August 2017, 05:29	—	7.5 HIGH
The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQL injection with these wp-admin/admin-ajax.php POST actions: catalogue_update_order list-item, video_update_order video-item, image_update_order list-item, tag_group_update_order list_item, category_products_update_order category-product-item, custom_fields_update_order field-item, categories_update_order category-item, subcategories_update_order subcategory-item, and tags_update_order tag-list-item.
CVE-2017-12200 ↗	Aug 2, 2017Wednesday, 2 August 2017, 05:29	—	4.3 MEDIUM
The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has XSS in the Add Product Manually component.
CVE-2017-12068 ↗	Aug 1, 2017Tuesday, 1 August 2017, 05:29	—	4.3 MEDIUM
The Event List plugin 0.7.9 for WordPress has XSS in the slug array parameter to wp-admin/admin.php in an el_admin_categories delete_bulk action.
CVE-2017-12131 ↗	Aug 1, 2017Tuesday, 1 August 2017, 05:29	—	4.3 MEDIUM
The Easy Testimonials plugin 3.0.4 for WordPress has XSS in include/settings/display.options.php, as demonstrated by the Default Testimonials Width, View More Testimonials Link, and Testimonial Excerpt Options screens.