393 matches found
Exploit for SQL Injection in Internet-Formation Wp-Advanced-Search
CVE-2024-9796 WordPress WP-Advanced-Search = 3.3.9 - Unaut...
WordPress WP-Advanced-Search plugin < 3.3.9.2 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by Wojciech Jezowski in WordPress Plugin WP-Advanced-Search versions 3.3.9.2...
CVE-2024-9796
The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks...
CVE-2024-9796
The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks...
CVE-2024-9796 WP-Advanced-Search < 3.3.9.2 - Unauthenticated SQL Injection
The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks...
PT-2024-39843 · WordPress · Wp-Advanced-Search
Name of the Vulnerable Software and Affected Versions: WP-Advanced-Search versions prior to 3.3.9.2 Description: The issue arises from the failure to sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks. This...
WordPress plugin WP-Advanced-Search 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress WP-Advanced-Search Plugin < 3.3.9.2 is vulnerable to SQL Injection
Software WP-Advanced-Search Type Plugin Vulnerable versions 3.3.9.2 Fixed in 3.3.9.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-9796 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 872f69a2765a Credits Wojciech Jezowski Required privilege...
Gitlab -- Vulnerabilities
Gitlab reports: Privilege Escalation via LFS Tokens Granting Unrestricted Repository Access Cross project access of Security policy bot Advanced search ReDOS in highlight for code results Denial of Service via banzai pipeline Denial of service using adoc files ReDoS in RefMatcher when matching...
GitLab 13.9 < 16.3.6 / 16.4.0 < 16.4.2 / 16.5.0 < 16.5.1 (CVE-2023-5963)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE with Advanced Search affecting all versions from 13.9 to 16.3.6, 16.4 prior to 16.4.2 and 16.5 prior to 16.5.1 that could allow a denial of service in the...
GitLab 8.4 < 13.4.7 / 13.5 < 13.5.5 / 13.6 < 13.6.2 (CVE-2020-26416)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Information disclosure in Advanced Search component of GitLab EE starting from 8.4 results in exposure of search terms via Rails logs. This affects versions =8.4 to =13.5 to =13.6 to =8.4 to =13.5 to...
WordPress WP Advanced Search plugin <= 1.1.6 - Admin+ SQL Injection vulnerability
Admin+ SQL Injection vulnerability discovered by fourcade in WordPress Plugin Advanced Search versions = 1.1.6...
WordPress Advanced Search Plugin <= 1.1.6 is vulnerable to SQL Injection
Software Advanced Search Type Plugin Vulnerable versions = 1.1.6 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3265 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 1c3388e59d0f Credits fourcade Required privilege Administrator Published ...
CVE-2024-3265
The Advanced Search WordPress plugin through 1.1.6 does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configurations...
CVE-2024-3265 WP Advanced Search <= 1.1.6 - Admin+ SQL Injection
The Advanced Search WordPress plugin through 1.1.6 does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configurations...
CVE-2024-3265
The CVE-2024-3265 entry affects the WordPress plugin Advanced Search (versions up to and including 1.1.6). The root cause is improper escaping of parameters appended to an SQL query, which can enable an SQL Injection in multisite WordPress configurations when performed by users with the administr...
PT-2024-24743 · WordPress · Advanced Search
Name of the Vulnerable Software and Affected Versions: Advanced Search WordPress plugin versions 1.1.6 and earlier Description: The issue allows users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configuration due to improper escaping of...
WordPress plugin Advanced Search 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...
WordPress Advance Search plugin <= 1.1.6 - Shortcode Deletion via CSRF vulnerability
Shortcode Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Advanced Search versions = 1.1.6...
CVE-2024-2739
The Advanced Search WordPress plugin through 1.1.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...