The persian-woocommerce-sms plugin before 3.3.4 for WordPress has ps_sms_numbers XSS.
CVE-2016-10987 (persian_woocommerce_sms)
Leave a reply
Author Archives: Bill Murphy
CVE-2016-10990 (cerber_security_antispam_&_malware_scan)
The wp-cerber plugin before 2.7 for WordPress has XSS via the X-Forwarded-For HTTP header.
CVE-2016-10985 (echo_sign)
The echosign plugin before 1.2 for WordPress has XSS via the templates/add_templates.php id parameter.
CVE-2016-10986 (tweet_wheel)
The tweet-wheel plugin before 1.0.3.3 for WordPress has XSS via consumer_key, consumer_secret, access_token, and access_token_secret.
CVE-2016-10983 (ghost)
The ghost plugin before 0.5.6 for WordPress has no access control for wp-admin/tools.php?ghostexport=true downloads of exported data.
