CVE-2017-16955 | InLinks Plugin up to 1.1 on WordPress options-general.php keyword SQL injection (ID 145059)
A vulnerability classified as critical was found in the InLinks Plugin up to 1.1 for WordPress. It affects an unknown function of the file /wp-admin/options-general.php. Manipulating the argument keyword, passed as a parameter, leads to SQL injection. The vulnerability is tracked as CVE-2017-16955. The attack can be launched remotely. There is no exploit available....