9 matches found
VulnCheck KEV: CVE-2024-3495
The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the 'cnt' and 'sid' parameters in versions up to, and including, 2.7.2 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...
CVE-2024-3495
CVE-2024-3495 : WordPress plugin Country State City Dropdown CF7 (
WordPress Country State City Dropdown CF7 plugin <= 2.7.2 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by Krzysztof Zając in WordPress Plugin Country State City Dropdown CF7 versions <= 2.7.2...
WordPress Country State City Dropdown CF7 Plugin <= 2.7.2 is vulnerable to SQL Injection
Software: Country State City Dropdown CF7; Type: Plugin; Vulnerable versions: <= 2.7.2; Fixed in: 2.7.3; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-3495; Patch priority: High; CVSS severity: High 9.3; Developer: Claim ownership; PSID: 39d467a76c0d; Credits: Krzysztof Zając; Required privile...
PT-2024-26266
Name of the Vulnerable Software and Affected Versions: Country State City Dropdown CF7 plugin for WordPress versions up to and including 2.7.2 Description: The Country State City Dropdown CF7 plugin for WordPress is susceptible to SQL Injection through the cnt and sid parameters. Insufficient input...
PT-2024-26377 · WordPress · Country State City Dropdown Cf7
Name of the Vulnerable Software and Affected Versions: The Country State City Dropdown CF7 plugin for WordPress versions up to, and including, 2.7.1 Description: The issue allows authenticated attackers with subscriber access and above to modify data without proper authorization. This is due to a...
WordPress Country State City Dropdown CF7 plugin <= 2.7.1 - Missing Authorization vulnerability
Missing Authorization vulnerability discovered by Lucio Sá in WordPress Plugin Country State City Dropdown CF7 versions <= 2.7.1...
WordPress Country State City Dropdown CF7 Plugin <= 2.7.1 is vulnerable to Broken Access Control
Software: Country State City Dropdown CF7; Type: Plugin; Vulnerable versions: <= 2.7.1; Fixed in: 2.7.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-3520; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: bfcec957c70d; Credits: Lucio Sá...
Carlisting Cross-Site Scripting Vulnerability
Carlisting is a responsive car listing directory content management system (CMS) by the phpscriptpoint team. A cross-site scripting vulnerability exists in Carlisting version 1.6. It stems from unknown code in the file search.php and leads to cross-site scripting via the parameters...