5 matches found
CVE-2024-9796
The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks...
CVE-2024-9796
creationtimestamp| type| source ---|---|--- 2024-10-10 10:54:00+00:00| seen| https://t.me/cvedetector/7568 2024-11-16 16:34:12+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/11440 2024-11-17 03:00:58+00:00| published-proof-of-concept| https://t.me/CNArsenal/3460...
CVE-2024-9796 WP-Advanced-Search < 3.3.9.2 - Unauthenticated SQL Injection
The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks...
CVE-2024-9796 WP-Advanced-Search < 3.3.9.2 - Unauthenticated SQL Injection
The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks...
WordPress WP-Advanced-Search Plugin < 3.3.9.2 is vulnerable to SQL Injection
Software WP-Advanced-Search Type Plugin Vulnerable versions 3.3.9.2 Fixed in 3.3.9.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-9796 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 872f69a2765a Credits Wojciech Jezowski Required privilege...