wp-kama 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk sql injection、vendor risk cross-site scripting, and vendor risk csrf があり、vendor surface production workloads and vendor surface software deployment の利用場面で vendor impact session compromise and vendor impact data exposure などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2017-20103 | A vulnerability classified as critical has been found in Kama Click Counter Plugin up to 3.4.8. This affects an unknown part of the file wp-admin/admin.php. The manipulation of the argument order_by/order with the input ASC%2c(select*from(select(sleep(2)))a) leads to sql injection (Blind). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.4.9 is able to address this issue. It is recommended to upgrade the affected | [email protected] | 6.3 | 0.72% | 2022-06-27 | 2024-11-21 |
| CVE-2017-18615 | The kama-clic-counter plugin before 3.5.0 for WordPress has XSS. | [email protected] | 6.1 | 0.91% | 2019-09-13 | 2024-11-21 |
| CVE-2017-18614 | The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via the admin.php order parameter. | [email protected] | 8.1 | 2.01% | 2019-09-13 | 2024-11-21 |
| CVE-2017-18521 | The democracy-poll plugin before 5.4 for WordPress has CSRF via wp-admin/options-general.php?page=democracy-poll&subpage=l10n. | [email protected] | 8.8 | 0.74% | 2019-08-21 | 2024-11-21 |
| CVE-2017-18520 | The democracy-poll plugin before 5.4 for WordPress has XSS via update_l10n in admin/class.DemAdminInit.php. | [email protected] | 6.1 | 0.91% | 2019-08-20 | 2024-11-21 |