MidnightBSD

Advisories for webmaster-source

CVE-2013-2700 MEDIUM

Cross-site request forgery (CSRF) vulnerability in the Add/Edit page (adminmenus.php) in the WP125 plugin before 1.5.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that add or edit an ad via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
webmaster-source wp125 1.4.7
webmaster-source wp125 1.4.1
webmaster-source wp125 *
webmaster-source wp125 1.3.9
webmaster-source wp125 1.1.0
webmaster-source wp125 1.3.0
webmaster-source wp125 1.4.5
webmaster-source wp125 1.4.2
webmaster-source wp125 1.4.4
webmaster-source wp125 1.4.0
webmaster-source wp125 1.4.6
webmaster-source wp125 1.2.0
webmaster-source wp125 1.3.8
webmaster-source wp125 1.0.0
webmaster-source wp125 1.4.3
webmaster-source wp125 1.4.8
webmaster-source wp125 1.3.7
CVE-2015-9397 LOW

The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php deletegc XSS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
webmaster-source gocodes *
CVE-2015-9398 MEDIUM

The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php gcid SQL injection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
webmaster-source gocodes *
CVE-2021-25073 MEDIUM

The WP125 WordPress plugin before 1.5.5 does not have CSRF checks in various action, for example when deleting an ad, allowing attackers to make a logged in admin delete them via a CSRF attack

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
webmaster-source wp125 *