6 matches found
CVE-2023-2111
The Fast & Effective Popups & Lead-Generation for WordPress plugin before 2.1.4 concatenates user input into an SQL query without escaping it first in the plugin's report API endpoint, which could allow administrators in multi-site configuration to leak sensitive information from the site's...
CVE-2023-2111
The Fast & Effective Popups & Lead-Generation for WordPress plugin before 2.1.4 concatenates user input into an SQL query without escaping it first in the plugin's report API endpoint, which could allow administrators in multi-site configuration to leak sensitive information from the site's...
CVE-2023-2111 HollerBox < 2.1.4 - Admin+ SQL Injection
The Fast & Effective Popups & Lead-Generation for WordPress plugin before 2.1.4 concatenates user input into an SQL query without escaping it first in the plugin's report API endpoint, which could allow administrators in multi-site configuration to leak sensitive information from the site's...
CVE-2023-2111 HollerBox < 2.1.4 - Admin+ SQL Injection
The Fast & Effective Popups & Lead-Generation for WordPress plugin before 2.1.4 concatenates user input into an SQL query without escaping it first in the plugin's report API endpoint, which could allow administrators in multi-site configuration to leak sensitive information from the site's...
CVE-2023-2111
CVE-2023-2111 affects the WordPress plugin HollerBox (Fast & Effective Popups & Lead-Generation) up to version 2.1.3. The root cause is that user input is concatenated into an SQL query in the plugin’s report API endpoint without proper escaping, enabling potential information disclosure in multi...
WordPress HollerBox Plugin <= 2.1.3 is vulnerable to SQL Injection
Software HollerBox Type Plugin Vulnerable versions = 2.1.3 Fixed in 2.1.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-2111 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 81f314d3ef98 Credits rSolutions Security Team Required privilege Administrato...