Lucene search
K

393 matches found

GithubExploit
GithubExploit
added 2024/10/18 2:30 p.m.118 views

Exploit for SQL Injection in Internet-Formation Wp-Advanced-Search

CVE-2024-9796 WordPress WP-Advanced-Search = 3.3.9 - Unaut...

9.8CVSS9.6AI score0.02991EPSS
Exploits4
Patchstack
Patchstack
added 2024/10/10 8:35 a.m.9 views

WordPress WP-Advanced-Search plugin < 3.3.9.2 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Wojciech Jezowski in WordPress Plugin WP-Advanced-Search versions 3.3.9.2...

9.8CVSS8.1AI score0.02991EPSS
Exploits4References1Affected Software1
OSV
OSV
added 2024/10/10 8:15 a.m.3 views

CVE-2024-9796

The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks...

9.8CVSS5.8AI score0.02991EPSS
Exploits4References1
NVD
NVD
added 2024/10/10 8:15 a.m.31 views

CVE-2024-9796

The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks...

9.8CVSS0.02991EPSS
Exploits4References1
Cvelist
Cvelist
added 2024/10/10 7:38 a.m.28 views

CVE-2024-9796 WP-Advanced-Search < 3.3.9.2 - Unauthenticated SQL Injection

The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks...

0.02991EPSS
Exploits4References1
Positive Technologies
Positive Technologies
added 2024/10/10 12:0 a.m.6 views

PT-2024-39843 · WordPress · Wp-Advanced-Search

Name of the Vulnerable Software and Affected Versions: WP-Advanced-Search versions prior to 3.3.9.2 Description: The issue arises from the failure to sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks. This...

9.8CVSS8.2AI score0.02991EPSS
Exploits4References16
CNNVD
CNNVD
added 2024/10/10 12:0 a.m.7 views

WordPress plugin WP-Advanced-Search 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

9.8CVSS7.6AI score0.02991EPSS
Exploits4References2
Patchstack
Patchstack
added 2024/10/10 12:0 a.m.25 views

WordPress WP-Advanced-Search Plugin < 3.3.9.2 is vulnerable to SQL Injection

Software WP-Advanced-Search Type Plugin Vulnerable versions 3.3.9.2 Fixed in 3.3.9.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-9796 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 872f69a2765a Credits Wojciech Jezowski Required privilege...

9.8CVSS6.9AI score0.02991EPSS
Exploits4References3Affected Software1
FreeBSD
FreeBSD
added 2024/08/07 12:0 a.m.26 views

Gitlab -- Vulnerabilities

Gitlab reports: Privilege Escalation via LFS Tokens Granting Unrestricted Repository Access Cross project access of Security policy bot Advanced search ReDOS in highlight for code results Denial of Service via banzai pipeline Denial of service using adoc files ReDoS in RefMatcher when matching...

8.1CVSS7.3AI score0.00675EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2024/05/17 12:0 a.m.22 views

GitLab 13.9 < 16.3.6 / 16.4.0 < 16.4.2 / 16.5.0 < 16.5.1 (CVE-2023-5963)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE with Advanced Search affecting all versions from 13.9 to 16.3.6, 16.4 prior to 16.4.2 and 16.5 prior to 16.5.1 that could allow a denial of service in the...

4.3CVSS5.2AI score0.00484EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/05/17 12:0 a.m.16 views

GitLab 8.4 < 13.4.7 / 13.5 < 13.5.5 / 13.6 < 13.6.2 (CVE-2020-26416)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Information disclosure in Advanced Search component of GitLab EE starting from 8.4 results in exposure of search terms via Rails logs. This affects versions =8.4 to =13.5 to =13.6 to =8.4 to =13.5 to...

4.4CVSS5.2AI score0.00328EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/04/26 12:31 a.m.9 views

WordPress WP Advanced Search plugin <= 1.1.6 - Admin+ SQL Injection vulnerability

Admin+ SQL Injection vulnerability discovered by fourcade in WordPress Plugin Advanced Search versions = 1.1.6...

4.7CVSS8.1AI score0.00422EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2024/04/26 12:0 a.m.20 views

WordPress Advanced Search Plugin <= 1.1.6 is vulnerable to SQL Injection

Software Advanced Search Type Plugin Vulnerable versions = 1.1.6 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3265 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 1c3388e59d0f Credits fourcade Required privilege Administrator Published ...

4.7CVSS6.8AI score0.00422EPSS
Exploits2References2Affected Software1
OSV
OSV
added 2024/04/25 10:15 p.m.5 views

CVE-2024-3265

The Advanced Search WordPress plugin through 1.1.6 does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configurations...

4.7CVSS5.8AI score0.00422EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/04/25 9:25 p.m.19 views

CVE-2024-3265 WP Advanced Search <= 1.1.6 - Admin+ SQL Injection

The Advanced Search WordPress plugin through 1.1.6 does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configurations...

7.8AI score0.00422EPSS
Exploits2References1
CVE
CVE
added 2024/04/25 9:25 p.m.71 views

CVE-2024-3265

The CVE-2024-3265 entry affects the WordPress plugin Advanced Search (versions up to and including 1.1.6). The root cause is improper escaping of parameters appended to an SQL query, which can enable an SQL Injection in multisite WordPress configurations when performed by users with the administr...

4.7CVSS9.6AI score0.00422EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/25 12:0 a.m.10 views

PT-2024-24743 · WordPress · Advanced Search

Name of the Vulnerable Software and Affected Versions: Advanced Search WordPress plugin versions 1.1.6 and earlier Description: The issue allows users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configuration due to improper escaping of...

4.7CVSS9.8AI score0.00422EPSS
Exploits2References4
CNNVD
CNNVD
added 2024/04/25 12:0 a.m.7 views

WordPress plugin Advanced Search 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

4.7CVSS9.1AI score0.00422EPSS
Exploits2References2
Patchstack
Patchstack
added 2024/04/15 1:14 p.m.4 views

WordPress Advance Search plugin <= 1.1.6 - Shortcode Deletion via CSRF vulnerability

Shortcode Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Advanced Search versions = 1.1.6...

8.7CVSS8.6AI score0.00335EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2024/04/15 5:15 a.m.3 views

CVE-2024-2739

The Advanced Search WordPress plugin through 1.1.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.7CVSS5.8AI score
Exploits0References1
Rows per page
Query Builder