Wp Triggers Lite
Monthly
The WP Triggers Lite WordPress plugin through 2.5.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The WP Triggers Lite WordPress plugin through 2.5.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The WP Triggers Lite WordPress plugin through 2.5.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The WP Triggers Lite WordPress plugin through 2.5.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.