cartpauj Mingle Forum (mingle-forum) plugin for Wordpress 1.0.33

CPE Details

cartpauj Mingle Forum (mingle-forum) plugin for Wordpress 1.0.33
cartpauj
mingle-forum
1.0.33
2012-10-09
17h33 +00:00
2014-04-03
13h22 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:cartpauj:mingle-forum:1.0.33:*:*:*:*:*:*:*

Informations

Vendor

cartpauj

Product

mingle-forum

Version

1.0.33

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2013-0735 2014-04-02 16h00 +00:00 Multiple SQL injection vulnerabilities in wpf.class.php in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to execute arbitrary SQL commands via the id parameter in a viewtopic (1) remove_post, (2) sticky, or (3) closed action or (4) thread parameter in a postreply action to index.php.
7.5
CVE-2013-0734 2014-03-28 14h00 +00:00 Multiple cross-site scripting (XSS) vulnerabilities in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) search_words parameter in a search action to wpf.class.php or (2) togroupusers parameter in an add_user_togroup action to fs-admin/fs-admin.php.
4.3
CVE-2013-0736 2013-10-09 22h00 +00:00 Multiple cross-site request forgery (CSRF) vulnerabilities in the Mingle Forum plugin 1.0.34 and possibly earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) modify user privileges or (2) conduct cross-site scripting (XSS) attacks via unspecified vectors.
6.8