MidnightBSD

Advisories for mg12

CVE-2012-1067 HIGH

SQL injection vulnerability in the WP-RecentComments plugin 2.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in an rc-content action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89

Products Affected

Vendor Product Version
mg12 wp-recentcomments 2.0.7

CVE-2012-1068 MEDIUM

Cross-site scripting (XSS) vulnerability in the rc_ajax function in core.php in the WP-RecentComments plugin before 2.0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter, related to AJAX paging.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
mg12 wp-recentcomments 2.0.1
mg12 wp-recentcomments 2.0.3
mg12 wp-recentcomments *
mg12 wp-recentcomments 1.8.1
mg12 wp-recentcomments 2.0.2
mg12 wp-recentcomments 1.8
mg12 wp-recentcomments 1.8.2
mg12 wp-recentcomments 2.0
mg12 wp-recentcomments 2.0.6
mg12 wp-recentcomments 2.0.4
mg12 wp-recentcomments 2.0.5