Webmaster Source

webmaster-source

4 CVEs • 2 products

Products (2)

Click to collapse

Toggle

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-25073 1Webmaster Source 1Wp125 Nov 21, 2024 Jan 24, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The WP125 WordPress plugin before 1.5.5 does not have CSRF checks in various action, for example when deleting an ad, allowing attackers to make a logged in admin delete them via a CSRF attack
CVE-2015-9398 1Webmaster Source 1Gocodes Nov 21, 2024 Sep 20, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php gcid SQL injection.
CVE-2015-9397 1Webmaster Source 1Gocodes Nov 21, 2024 Sep 20, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php deletegc XSS.
CVE-2013-2700 1Webmaster Source 1Wp125 May 6, 2026 May 14, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in the Add/Edit page (adminmenus.php) in the WP125 plugin before 1.5.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests tha...Show more Cross-site request forgery (CSRF) vulnerability in the Add/Edit page (adminmenus.php) in the WP125 plugin before 1.5.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that add or edit an ad via unspecified vectors.Show less