45 matches found
WordPress plugin Advanced Booking Calendar SQL注入漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. WordPress plugin Advanced Booking Calendar version prior to...
WordPress plugin SQL注入漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress WP Email Users plugin version 1.7.6 and previous versions have a SQL injection vulnerability, which originates from WP Email...
CVE-2021-46200
An SQL Injection vulnerability exists in Sourcecodester Simple Music Clour Community System 1.0 via the email parameter in /music/ajax.php...
PT-2021-22549 · WordPress · Credova Financial
Name of the Vulnerable Software and Affected Versions: Credova Financial WordPress plugin versions up to, and including, 1.4.8 Description: The Credova Financial WordPress plugin discloses a site's associated Credova API account username and password in plaintext via an AJAX action whenever a sit...
CVE-2021-24163
The AJAX action, wpajaxninjaformssendwpremoteinstallhandler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP Ninja Forms Contact Form – The Drag and Drop Form...