B0UG

4 exploits Active since Apr 2018
CVE-2018-10371 EXPLOITDB MEDIUM text WRITEUP
wunderfarm WF Cookie Consent 1.1.3 - Stored Cross-Site Scripting via Page Title
An issue was discovered in the wunderfarm WF Cookie Consent plugin 1.1.3 for WordPress. A persistent cross-site scripting vulnerability has been identified in the web interface of the plugin that allows the execution of arbitrary HTML/script code to be executed in a victim's web browser via a page title.
CVSS 6.1
CVE-2018-20556 EXPLOITDB HIGH text WRITEUP
Booking Calendar 8.4.3 - SQL Injection via booking_id Parameter
SQL injection vulnerability in Booking Calendar plugin 8.4.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the booking_id parameter.
CVSS 8.8
CVE-2018-10309 EXPLOITDB MEDIUM text WRITEUP
Responsive Cookie Consent <1.8 - XSS
The Responsive Cookie Consent plugin before 1.8 for WordPress mishandles number fields, leading to XSS.
CVSS 5.4
CVE-2018-10310 EXPLOITDB MEDIUM text WRITEUP
Catapult UK Cookie Consent <2.3.10 - XSS
A persistent cross-site scripting vulnerability has been identified in the web interface of the Catapult UK Cookie Consent plugin before 2.3.10 for WordPress that allows the execution of arbitrary HTML/script code in the context of a victim's browser.
CVSS 5.4