Vulnerability Details CVE-2016-10939
The xtremelocator plugin 1.5 for WordPress has SQL injection via the id parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.6%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 6.5
References
- http://lenonleite.com.br/en/blog/2016/12/16/xtreme-locator-dealer-locator-plugin-wordpress-sql-injection/
- https://wordpress.org/plugins/xtremelocator/#developers
- http://lenonleite.com.br/en/blog/2016/12/16/xtreme-locator-dealer-locator-plugin-wordpress-sql-injection/
- https://wordpress.org/plugins/xtremelocator/#developers
Products affected by CVE-2016-10939
-
cpe:2.3:a:xtremelocator:xtremelocator:1.5