📦

wassup_plugin

Vendor: wordpress

Actively Exploited 0 CISA KEV List

PoC / Exploits 1 Code Available

Total RCEs 0 Remote Access

Total CVEs 3 Total Indexed

Avg. EPSS 0.44% Exploit Prob.

Latest CVE CVE-2012-2633 Jun 15

Security Vulnerability Index

Page 1 / 1

4.3 CVSS

CVE-2012-2633

Cross-site scripting (XSS) vulnerability in wassup.php in the WassUp plugin before 1.8.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.

EPSS: 0.30%

Severity: MEDIUM

Jun 15, 2012

7.5 CVSS

CVE-2008-0520

Exploit Found

Multiple SQL injection vulnerabilities in main.php in the WassUp plugin 1.4 through 1.4.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) from_date or (2) to_date parameter to spy.php.

EPSS: 0.59%

Severity: HIGH

Jan 31, 2008

Displaying 2 of 3 Total Entries

Total 1 Sections