Search criteria
8 vulnerabilities by gamerz
CVE-2025-10747 (GCVE-0-2025-10747)
Vulnerability from cvelistv5 – Published: 2025-09-26 05:27 – Updated: 2025-09-26 19:48
VLAI?
Title
WP-DownloadManager <= 1.68.11 - Authenticated (Admin+) Arbitrary File Upload
Summary
The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download-add.php file in all versions up to, and including, 1.68.11. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity ?
7.2 (High)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| gamerz | WP-DownloadManager |
Affected:
* , ≤ 1.68.11
(semver)
|
Credits
Sunnatillo Abdivasiyev
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10747",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-26T19:48:06.922274Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-26T19:48:25.317Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP-DownloadManager",
"vendor": "gamerz",
"versions": [
{
"lessThanOrEqual": "1.68.11",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sunnatillo Abdivasiyev"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download-add.php file in all versions up to, and including, 1.68.11. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site\u0027s server which may make remote code execution possible."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-26T05:27:20.601Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2c535cea-dad6-440f-b37f-6d196b469214?source=cve"
},
{
"url": "https://wordpress.org/plugins/wp-downloadmanager/"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-add.php#L35"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3364847%40wp-downloadmanager\u0026new=3364847%40wp-downloadmanager\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-20T04:27:59.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-09-25T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "WP-DownloadManager \u003c= 1.68.11 - Authenticated (Admin+) Arbitrary File Upload"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-10747",
"datePublished": "2025-09-26T05:27:20.601Z",
"dateReserved": "2025-09-19T19:48:07.090Z",
"dateUpdated": "2025-09-26T19:48:25.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4799 (GCVE-0-2025-4799)
Vulnerability from cvelistv5 – Published: 2025-06-11 03:41 – Updated: 2025-06-11 13:23
VLAI?
Title
WP-DownloadManager <= 1.68.10 - Authenticated (Administrator+) Arbitrary File Deletion
Summary
The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file deletion due to lack of restriction on the directory a file can be deleted from in all versions up to, and including, 1.68.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). This vulnerability can be paired with CVE-2025-4798 to delete any file within the WordPress root directory.
Severity ?
7.2 (High)
CWE
- CWE-36 - Absolute Path Traversal
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| gamerz | WP-DownloadManager |
Affected:
* , ≤ 1.68.10
(semver)
|
Credits
Jamshed Yergashvoyev
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4799",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-11T13:23:45.565512Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-11T13:23:50.639Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP-DownloadManager",
"vendor": "gamerz",
"versions": [
{
"lessThanOrEqual": "1.68.10",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jamshed Yergashvoyev"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file deletion due to lack of restriction on the directory a file can be deleted from in all versions up to, and including, 1.68.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). This vulnerability can be paired with CVE-2025-4798 to delete any file within the WordPress root directory."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-36",
"description": "CWE-36 Absolute Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-11T03:41:53.029Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f9d9e485-171f-4e36-943d-397d540e31f4?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-options.php#L16"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-options.php#L42"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-manager.php#L215"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3294467/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-10T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "WP-DownloadManager \u003c= 1.68.10 - Authenticated (Administrator+) Arbitrary File Deletion"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-4799",
"datePublished": "2025-06-11T03:41:53.029Z",
"dateReserved": "2025-05-15T19:37:36.032Z",
"dateUpdated": "2025-06-11T13:23:50.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4798 (GCVE-0-2025-4798)
Vulnerability from cvelistv5 – Published: 2025-06-11 03:41 – Updated: 2025-06-11 13:24
VLAI?
Title
WP-DownloadManager <= 1.68.10 - Authenticated (Administrator+) Arbitrary File Read
Summary
The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.68.10. This is due to a lack of restriction on the directory an administrator can select for storing downloads. This makes it possible for authenticated attackers, with Administrator-level access and above, to download and read any file on the server, including system and configuration files.
Severity ?
4.9 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| gamerz | WP-DownloadManager |
Affected:
* , ≤ 1.68.10
(semver)
|
Credits
Jamshed Yergashvoyev
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4798",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-11T13:24:22.564285Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-11T13:24:30.120Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP-DownloadManager",
"vendor": "gamerz",
"versions": [
{
"lessThanOrEqual": "1.68.10",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jamshed Yergashvoyev"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.68.10. This is due to a lack of restriction on the directory an administrator can select for storing downloads. This makes it possible for authenticated attackers, with Administrator-level access and above, to download and read any file on the server, including system and configuration files."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-11T03:41:52.636Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6cd166bc-774e-4083-b5f7-bffba1f7c293?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-options.php#L16"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-options.php#L42"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3294467/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-10T15:30:37.000+00:00",
"value": "Disclosed"
}
],
"title": "WP-DownloadManager \u003c= 1.68.10 - Authenticated (Administrator+) Arbitrary File Read"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-4798",
"datePublished": "2025-06-11T03:41:52.636Z",
"dateReserved": "2025-05-15T18:56:10.692Z",
"dateUpdated": "2025-06-11T13:24:30.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-13426 (GCVE-0-2024-13426)
Vulnerability from cvelistv5 – Published: 2025-01-22 02:20 – Updated: 2025-01-22 14:32
VLAI?
Title
WP-Polls <= 2.77.2 - Unauthenticated SQL Injection to Stored Cross-Site Scripting
Summary
The WP-Polls plugin for WordPress is vulnerable to SQL Injection via COOKIE in all versions up to, and including, 2.77.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries. Those queries are stored and results are not displayed to the attacker, which means they cannot be exploited to obtain any additional information about the database. However, a properly configured payload allows for the injection of malicious JavaScript resulting in Stored Cross-Site Scripting.
Severity ?
5.4 (Medium)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Credits
Jack Taylor
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13426",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T14:31:49.304617Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T14:32:33.387Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP-Polls",
"vendor": "gamerz",
"versions": [
{
"lessThanOrEqual": "2.77.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jack Taylor"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP-Polls plugin for WordPress is vulnerable to SQL Injection via COOKIE in all versions up to, and including, 2.77.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries. Those queries are stored and results are not displayed to the attacker, which means they cannot be exploited to obtain any additional information about the database. However, a properly configured payload allows for the injection of malicious JavaScript resulting in Stored Cross-Site Scripting."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T02:20:24.893Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b76de574-2627-46cd-9817-134a009ac3bd?source=cve"
},
{
"url": "https://github.com/lesterchan/wp-polls/blob/97ab44c2d4c3a3d308ce8b87dae8b2a8f7147f0e/wp-polls.php#L1378"
},
{
"url": "https://github.com/lesterchan/wp-polls/blob/97ab44c2d4c3a3d308ce8b87dae8b2a8f7147f0e/wp-polls.php#L1416"
},
{
"url": "https://github.com/lesterchan/wp-polls/blob/97ab44c2d4c3a3d308ce8b87dae8b2a8f7147f0e/polls-logs.php#L97"
},
{
"url": "https://github.com/lesterchan/wp-polls/blob/97ab44c2d4c3a3d308ce8b87dae8b2a8f7147f0e/polls-logs.php#L294"
},
{
"url": "https://github.com/WordPress/wordpress-develop/blob/a82874058f58575dbba64ce09b6dcbd43ccf5fdc/src/wp-includes/default-constants.php#L249"
},
{
"url": "https://wordpress.org/plugins/wp-polls/"
},
{
"url": "https://github.com/lesterchan/wp-polls"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3224709%40wp-polls%2Ftrunk\u0026old=2949758%40wp-polls%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-01-21T14:08:11.000+00:00",
"value": "Disclosed"
}
],
"title": "WP-Polls \u003c= 2.77.2 - Unauthenticated SQL Injection to Stored Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-13426",
"datePublished": "2025-01-22T02:20:24.893Z",
"dateReserved": "2025-01-15T19:25:50.224Z",
"dateUpdated": "2025-01-22T14:32:33.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-10006 (GCVE-0-2011-10006)
Vulnerability from cvelistv5 – Published: 2024-04-08 13:00 – Updated: 2024-08-07 00:30
VLAI?
Title
GamerZ WP-PostRatings wp-postratings.php cross site scripting
Summary
A vulnerability was found in GamerZ WP-PostRatings up to 1.64. It has been classified as problematic. This affects an unknown part of the file wp-postratings.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.65 is able to address this issue. The identifier of the patch is 6182a5682b12369ced0becd3b505439ce2eb8132. It is recommended to upgrade the affected component. The identifier VDB-259629 was assigned to this vulnerability.
Severity ?
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GamerZ | WP-PostRatings |
Affected:
1.0
Affected: 1.1 Affected: 1.2 Affected: 1.3 Affected: 1.4 Affected: 1.5 Affected: 1.6 Affected: 1.7 Affected: 1.8 Affected: 1.9 Affected: 1.10 Affected: 1.11 Affected: 1.12 Affected: 1.13 Affected: 1.14 Affected: 1.15 Affected: 1.16 Affected: 1.17 Affected: 1.18 Affected: 1.19 Affected: 1.20 Affected: 1.21 Affected: 1.22 Affected: 1.23 Affected: 1.24 Affected: 1.25 Affected: 1.26 Affected: 1.27 Affected: 1.28 Affected: 1.29 Affected: 1.30 Affected: 1.31 Affected: 1.32 Affected: 1.33 Affected: 1.34 Affected: 1.35 Affected: 1.36 Affected: 1.37 Affected: 1.38 Affected: 1.39 Affected: 1.40 Affected: 1.41 Affected: 1.42 Affected: 1.43 Affected: 1.44 Affected: 1.45 Affected: 1.46 Affected: 1.47 Affected: 1.48 Affected: 1.49 Affected: 1.50 Affected: 1.51 Affected: 1.52 Affected: 1.53 Affected: 1.54 Affected: 1.55 Affected: 1.56 Affected: 1.57 Affected: 1.58 Affected: 1.59 Affected: 1.60 Affected: 1.61 Affected: 1.62 Affected: 1.63 Affected: 1.64 |
Credits
VulDB GitHub Commit Analyzer
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2011-10006",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-09T17:28:10.894549Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:37.804Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:30:46.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-259629 | GamerZ WP-PostRatings wp-postratings.php cross site scripting",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.259629"
},
{
"name": "VDB-259629 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.259629"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/wp-plugins/wp-postratings/commit/dcc68d03693152eba14d6fb33ba42528ff60e06a"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/wp-plugins/wp-postratings/commit/6182a5682b12369ced0becd3b505439ce2eb8132"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/wp-plugins/wp-postratings/releases/tag/1.65"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP-PostRatings",
"vendor": "GamerZ",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "1.2"
},
{
"status": "affected",
"version": "1.3"
},
{
"status": "affected",
"version": "1.4"
},
{
"status": "affected",
"version": "1.5"
},
{
"status": "affected",
"version": "1.6"
},
{
"status": "affected",
"version": "1.7"
},
{
"status": "affected",
"version": "1.8"
},
{
"status": "affected",
"version": "1.9"
},
{
"status": "affected",
"version": "1.10"
},
{
"status": "affected",
"version": "1.11"
},
{
"status": "affected",
"version": "1.12"
},
{
"status": "affected",
"version": "1.13"
},
{
"status": "affected",
"version": "1.14"
},
{
"status": "affected",
"version": "1.15"
},
{
"status": "affected",
"version": "1.16"
},
{
"status": "affected",
"version": "1.17"
},
{
"status": "affected",
"version": "1.18"
},
{
"status": "affected",
"version": "1.19"
},
{
"status": "affected",
"version": "1.20"
},
{
"status": "affected",
"version": "1.21"
},
{
"status": "affected",
"version": "1.22"
},
{
"status": "affected",
"version": "1.23"
},
{
"status": "affected",
"version": "1.24"
},
{
"status": "affected",
"version": "1.25"
},
{
"status": "affected",
"version": "1.26"
},
{
"status": "affected",
"version": "1.27"
},
{
"status": "affected",
"version": "1.28"
},
{
"status": "affected",
"version": "1.29"
},
{
"status": "affected",
"version": "1.30"
},
{
"status": "affected",
"version": "1.31"
},
{
"status": "affected",
"version": "1.32"
},
{
"status": "affected",
"version": "1.33"
},
{
"status": "affected",
"version": "1.34"
},
{
"status": "affected",
"version": "1.35"
},
{
"status": "affected",
"version": "1.36"
},
{
"status": "affected",
"version": "1.37"
},
{
"status": "affected",
"version": "1.38"
},
{
"status": "affected",
"version": "1.39"
},
{
"status": "affected",
"version": "1.40"
},
{
"status": "affected",
"version": "1.41"
},
{
"status": "affected",
"version": "1.42"
},
{
"status": "affected",
"version": "1.43"
},
{
"status": "affected",
"version": "1.44"
},
{
"status": "affected",
"version": "1.45"
},
{
"status": "affected",
"version": "1.46"
},
{
"status": "affected",
"version": "1.47"
},
{
"status": "affected",
"version": "1.48"
},
{
"status": "affected",
"version": "1.49"
},
{
"status": "affected",
"version": "1.50"
},
{
"status": "affected",
"version": "1.51"
},
{
"status": "affected",
"version": "1.52"
},
{
"status": "affected",
"version": "1.53"
},
{
"status": "affected",
"version": "1.54"
},
{
"status": "affected",
"version": "1.55"
},
{
"status": "affected",
"version": "1.56"
},
{
"status": "affected",
"version": "1.57"
},
{
"status": "affected",
"version": "1.58"
},
{
"status": "affected",
"version": "1.59"
},
{
"status": "affected",
"version": "1.60"
},
{
"status": "affected",
"version": "1.61"
},
{
"status": "affected",
"version": "1.62"
},
{
"status": "affected",
"version": "1.63"
},
{
"status": "affected",
"version": "1.64"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "VulDB GitHub Commit Analyzer"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in GamerZ WP-PostRatings up to 1.64. It has been classified as problematic. This affects an unknown part of the file wp-postratings.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.65 is able to address this issue. The identifier of the patch is 6182a5682b12369ced0becd3b505439ce2eb8132. It is recommended to upgrade the affected component. The identifier VDB-259629 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in GamerZ WP-PostRatings bis 1.64 ausgemacht. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei wp-postratings.php. Durch das Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Ein Aktualisieren auf die Version 1.65 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 6182a5682b12369ced0becd3b505439ce2eb8132 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-08T13:00:05.786Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-259629 | GamerZ WP-PostRatings wp-postratings.php cross site scripting",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.259629"
},
{
"name": "VDB-259629 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.259629"
},
{
"tags": [
"patch"
],
"url": "https://github.com/wp-plugins/wp-postratings/commit/dcc68d03693152eba14d6fb33ba42528ff60e06a"
},
{
"tags": [
"patch"
],
"url": "https://github.com/wp-plugins/wp-postratings/commit/6182a5682b12369ced0becd3b505439ce2eb8132"
},
{
"tags": [
"patch"
],
"url": "https://github.com/wp-plugins/wp-postratings/releases/tag/1.65"
}
],
"timeline": [
{
"lang": "en",
"time": "2011-02-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2011-02-17T00:00:00.000Z",
"value": "Countermeasure disclosed"
},
{
"lang": "en",
"time": "2024-04-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-04-07T11:46:12.000Z",
"value": "VulDB entry last update"
}
],
"title": "GamerZ WP-PostRatings wp-postratings.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2011-10006",
"datePublished": "2024-04-08T13:00:05.786Z",
"dateReserved": "2024-04-07T09:40:51.546Z",
"dateUpdated": "2024-08-07T00:30:46.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2941 (GCVE-0-2022-2941)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:19 – Updated: 2025-05-05 16:17
VLAI?
Summary
The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site Scripting vulnerabilities in versions up to, and including 2.88.0. This is due to the fact that all fields in the "Naming Conventions" section do not properly sanitize user input, nor escape it on output. This makes it possible for authenticated attackers, with administrative privileges, to inject JavaScript code into the setting that will execute whenever a user accesses the injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Severity ?
5.5 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| gamerz | WP-UserOnline |
Affected:
* , ≤ 2.88.0
(semver)
|
Credits
Juampa Rodríguez
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:53:00.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5c4fb14c-de6d-4247-8f83-050f1350f6a2?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/lesterchan/wp-useronline/commit/59c76b20e4e27489f93dee4ef1254d6204e08b3c"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2770235%40wp-useronline\u0026new=2770235%40wp-useronline\u0026sfp_email=\u0026sfph_mail="
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2941"
},
{
"tags": [
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/168479/wpuseronline2880-xss.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2941",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:16:30.549962Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:17:42.303Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP-UserOnline",
"vendor": "gamerz",
"versions": [
{
"lessThanOrEqual": "2.88.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Juampa Rodr\u00edguez"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site Scripting vulnerabilities in versions up to, and including 2.88.0. This is due to the fact that all fields in the \"Naming Conventions\" section do not properly sanitize user input, nor escape it on output. This makes it possible for authenticated attackers, with administrative privileges, to inject JavaScript code into the setting that will execute whenever a user accesses the injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T15:06:13.136Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5c4fb14c-de6d-4247-8f83-050f1350f6a2?source=cve"
},
{
"url": "https://github.com/lesterchan/wp-useronline/commit/59c76b20e4e27489f93dee4ef1254d6204e08b3c"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2770235%40wp-useronline\u0026new=2770235%40wp-useronline\u0026sfp_email=\u0026sfph_mail="
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2941"
},
{
"url": "https://packetstormsecurity.com/files/168479/wpuseronline2880-xss.txt"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-08-22T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-2941",
"datePublished": "2022-09-06T17:19:00.000Z",
"dateReserved": "2022-08-22T00:00:00.000Z",
"dateUpdated": "2025-05-05T16:17:42.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2473 (GCVE-0-2022-2473)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:18 – Updated: 2025-05-05 16:18
VLAI?
Summary
The WP-UserOnline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘templates[browsingpage][text]' parameter in versions up to, and including, 2.87.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative capabilities and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The only affects multi-site installations and installations where unfiltered_html is disabled.
Severity ?
5.5 (Medium)
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| gamerz | WP-UserOnline |
Affected:
* , ≤ 2.87.6
(semver)
|
Credits
steffin stanly
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:07.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6a44a55e-a96a-4698-9948-6ef33138a834?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2758412%40wp-useronline\u0026new=2758412%40wp-useronline\u0026sfp_email=\u0026sfph_mail="
},
{
"tags": [
"x_transferred"
],
"url": "https://youtu.be/Q3zInrUnAV0"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2473"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/50988"
},
{
"tags": [
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/167864/wpuseronline2876-xss.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.exploitalert.com/view-details.html?id=38893"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.exploitalert.com/view-details.html?id=38912"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2473",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:16:33.478823Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:18:28.079Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP-UserOnline",
"vendor": "gamerz",
"versions": [
{
"lessThanOrEqual": "2.87.6",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "steffin stanly"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP-UserOnline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018templates[browsingpage][text]\u0027 parameter in versions up to, and including, 2.87.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative capabilities and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The only affects multi-site installations and installations where unfiltered_html is disabled."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T15:06:19.110Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6a44a55e-a96a-4698-9948-6ef33138a834?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2758412%40wp-useronline\u0026new=2758412%40wp-useronline\u0026sfp_email=\u0026sfph_mail="
},
{
"url": "https://youtu.be/Q3zInrUnAV0"
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2473"
},
{
"url": "https://www.exploit-db.com/exploits/50988"
},
{
"url": "https://packetstormsecurity.com/files/167864/wpuseronline2876-xss.txt"
},
{
"url": "https://www.exploitalert.com/view-details.html?id=38893"
},
{
"url": "https://www.exploitalert.com/view-details.html?id=38912"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-07-19T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-2473",
"datePublished": "2022-09-06T17:18:58.000Z",
"dateReserved": "2022-07-19T00:00:00.000Z",
"dateUpdated": "2025-05-05T16:18:28.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0238 (GCVE-0-2006-0238)
Vulnerability from cvelistv5 – Published: 2006-01-18 01:00 – Updated: 2024-08-07 16:25
VLAI?
Summary
SQL injection vulnerability in wp-stats.php in GaMerZ WP-Stats 2.0 allows remote attackers to execute arbitrary SQL commands via the author parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:25:34.089Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.lesterchan.net/blogs/archives/2006/01/18/wp-stats-sql-injection-vulnerability"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://osvdb.org/ref/22/22450-wpstats.txt"
},
{
"name": "ADV-2006-0192",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0192"
},
{
"name": "22450",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22450"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.lesterchan.net/blogs/"
},
{
"name": "wpstats-script-sql-injection(24163)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24163"
},
{
"name": "18471",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18471"
},
{
"name": "16241",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16241"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in wp-stats.php in GaMerZ WP-Stats 2.0 allows remote attackers to execute arbitrary SQL commands via the author parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.lesterchan.net/blogs/archives/2006/01/18/wp-stats-sql-injection-vulnerability"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://osvdb.org/ref/22/22450-wpstats.txt"
},
{
"name": "ADV-2006-0192",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0192"
},
{
"name": "22450",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22450"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.lesterchan.net/blogs/"
},
{
"name": "wpstats-script-sql-injection(24163)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24163"
},
{
"name": "18471",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18471"
},
{
"name": "16241",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16241"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in wp-stats.php in GaMerZ WP-Stats 2.0 allows remote attackers to execute arbitrary SQL commands via the author parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.lesterchan.net/blogs/archives/2006/01/18/wp-stats-sql-injection-vulnerability",
"refsource": "CONFIRM",
"url": "http://www.lesterchan.net/blogs/archives/2006/01/18/wp-stats-sql-injection-vulnerability"
},
{
"name": "http://osvdb.org/ref/22/22450-wpstats.txt",
"refsource": "MISC",
"url": "http://osvdb.org/ref/22/22450-wpstats.txt"
},
{
"name": "ADV-2006-0192",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0192"
},
{
"name": "22450",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22450"
},
{
"name": "http://www.lesterchan.net/blogs/",
"refsource": "CONFIRM",
"url": "http://www.lesterchan.net/blogs/"
},
{
"name": "wpstats-script-sql-injection(24163)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24163"
},
{
"name": "18471",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18471"
},
{
"name": "16241",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16241"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0238",
"datePublished": "2006-01-18T01:00:00",
"dateReserved": "2006-01-18T00:00:00",
"dateUpdated": "2024-08-07T16:25:34.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}