ning1022

4 exploits Active since Aug 2017
CVE-2017-12068 WRITEUP MEDIUM WRITEUP
Event List 0.7.9 - Cross-Site Scripting via Slug Array Parameter in Delete Bulk Action
The Event List plugin 0.7.9 for WordPress has XSS in the slug array parameter to wp-admin/admin.php in an el_admin_categories delete_bulk action.
CVSS 6.1
CVE-2017-12131 WRITEUP MEDIUM WRITEUP
Easy Testimonials plugin 3.0.4 - WordPress - XSS
The Easy Testimonials plugin 3.0.4 for WordPress has XSS in include/settings/display.options.php, as demonstrated by the Default Testimonials Width, View More Testimonials Link, and Testimonial Excerpt Options screens.
CVSS 6.1
CVE-2017-12199 WRITEUP CRITICAL WRITEUP
Etoile Ultimate Product Catalog <4.2.11 - SQL Injection
The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQL injection with these wp-admin/admin-ajax.php POST actions: catalogue_update_order list-item, video_update_order video-item, image_update_order list-item, tag_group_update_order list_item, category_products_update_order category-product-item, custom_fields_update_order field-item, categories_update_order category-item, subcategories_update_order subcategory-item, and tags_update_order tag-list-item.
CVSS 9.8
CVE-2017-12200 WRITEUP MEDIUM WRITEUP
Etoile Ultimate Product Catalog <4.2.11 - XSS
The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has XSS in the Add Product Manually component.
CVSS 6.1