LetterMerger 1.2 stores user information in Access database files with insecure permissions, which allows local users to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| peters_software | lettermerger | 1.2 |
Cross-site scripting (XSS) vulnerability in Peter's Random Anti-Spam Image 0.2.4 and earlier plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the comment field in the comment form.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| peters_software | random_anti-spam_image | * |