RSS   Vulnerabilities for 'Landing pages'   RSS

2015-05-27
 
CVE-2015-4065

 

 
Cross-site scripting (XSS) vulnerability in shared/shortcodes/inbound-shortcodes.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the post parameter to wp-admin/post-new.php.

 
 
CVE-2015-4064

 

 
SQL injection vulnerability in modules/module.ab-testing.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the post parameter in an edit delete-variation action to wp-admin/post.php.

 

 >>> Vendor: Landing pages project 2 Products
Landing pages plugin
Landing pages


Copyright 2024, cxsecurity.com

 

Back to Top