67 matches found
CVE-2023-41801
CVE-2023-41801 : AWP Classifieds Team Ad Directory & Listings by AWP Classifieds plugin versions ≤ 4.3 are affected by a Cross-Site Request Forgery (CSRF) vulnerability. The issue is mitigated by upgrading to version 4.3.1, which is listed as the fix. Public exploitation details are not provided ...
CVE-2023-41801 WordPress AWP Classifieds Plugin <= 4.3 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in AWP Classifieds Team Ad Directory & Listings by AWP Classifieds plugin = 4.3 versions...
CVE-2023-41801 WordPress AWP Classifieds Plugin <= 4.3 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in AWP Classifieds Team Ad Directory & Listings by AWP Classifieds plugin = 4.3 versions...
WordPress AWP Classifieds Plugin <= 4.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software AWP Classifieds Type Plugin Vulnerable versions = 4.3 Fixed in 4.3.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-41801 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 713cc389c4a6 Credits Mika Required privile...
CVE-2022-3254 AWP Classifieds Plugin < 4.3 - Unauthenticated SQLi
The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection...
AWP Classifieds Plugin < 4.3 - Unauthenticated SQLi
The plugin does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection PoC To read the userlogin and userpass columns from the wpusers tabl...
AWP Classifieds Plugin < 4.3 - Unauthenticated SQLi
The plugin does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection To read the userlogin and userpass columns from the wpusers table:...