2019-08-22 16:15:13 2019-08-26 17:33:53

The option-tree plugin before 2.7.0 for WordPress has Object Injection by leveraging a valid nonce.

Vector: NETWORK
Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Optiontree project Optiontree for WordPress, affected versions (not official CPEs):

1.0.0, 1.1, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.1.7.1, 1.1.8, 1.1.8.1
2.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16
2.1, 2.1.1, 2.1.2, 2.1.3, 2.1.4
2.2.0, 2.2.1, 2.2.2, 2.2.3
2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4
2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6
2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.5
2.6.0

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (ID 74)

Related CAPEC (38):

Buffer Overflow via Environment Variables (CAPEC-ID 10)
Server Side Include (SSI) Injection (CAPEC-ID 101)
Cross Site Scripting through Log Files (CAPEC-ID 106)
Command Line Execution through SQL Injection (CAPEC-ID 108)
Subverting Environment Variable Values (CAPEC-ID 13)
Format String Injection (CAPEC-ID 135)
Client-side Injection-induced Buffer Overflow (CAPEC-ID 14)
Filter Failure through Buffer Overflow (CAPEC-ID 24)
XML Injection (CAPEC-ID 250)
Leverage Alternate Encoding (CAPEC-ID 267)
HTTP Response Smuggling (CAPEC-ID 273)
Fuzzing (CAPEC-ID 28)
Using Leading 'Ghost' Character Sequences to Bypass Input Filters (CAPEC-ID 3)
HTTP Response Splitting (CAPEC-ID 34)
Manipulating Writeable Terminal Devices (CAPEC-ID 40)
MIME Conversion (CAPEC-ID 42)
Exploiting Multiple Input Interpretation Layers (CAPEC-ID 43)
Buffer Overflow via Symbolic Links (CAPEC-ID 45)
Overflow Variables and Tags (CAPEC-ID 46)
Buffer Overflow via Parameter Expansion (CAPEC-ID 47)
Poison Web Service Registry (CAPEC-ID 51)
Embedding NULL Bytes (CAPEC-ID 52)
Postfix, Null Terminate, and Backslash (CAPEC-ID 53)
Using Slashes and URL Encoding Combined to Bypass Validation Logic (CAPEC-ID 64)
SQL Injection (CAPEC-ID 66)
String Format Overflow in syslog() (CAPEC-ID 67)
Blind SQL Injection (CAPEC-ID 7)
Using Unicode Encoding to Bypass Validation Logic (CAPEC-ID 71)
URL Encoding (CAPEC-ID 72)
Manipulating Input to File System Calls (CAPEC-ID 76)
Using Escaped Slashes in Alternate Encoding (CAPEC-ID 78)
Using Slashes in Alternate Encoding (CAPEC-ID 79)
Buffer Overflow in an API Call (CAPEC-ID 8)
Using UTF-8 Encoding to Bypass Validation Logic (CAPEC-ID 80)
XPath Injection (CAPEC-ID 83)
XQuery Injection (CAPEC-ID 84)
Buffer Overflow in Local Command-Line Utilities (CAPEC-ID 9)
XSS in IMG Tags (CAPEC-ID 91)