WordPress Daily Prayer Time <2022.03.01 - SQL Injection

WordPress Daily Prayer Time plugin prior to 2022.03.01 contains a SQL injection vulnerability.. It does not sanitise and escape the month parameter before using it in a SQL statement via the getmonthlytimetable AJAX action, available to unauthenticated users, leading to SQL injection. id:...

CVE-2022-0785

The Daily Prayer Time WordPress plugin before 2022.03.01 does not sanitise and escape the month parameter before using it in a SQL statement via the getmonthlytimetable AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection...

EUVD-2023-51912

Malicious code in bioql PyPI...

EUVD-2023-31367

Malicious code in bioql PyPI...

EUVD-2023-31368

Malicious code in bioql PyPI...

CVE-2023-27632

Cross-Site Request Forgery CSRF vulnerability in mmrs151 Daily Prayer Time plugin = 2023.03.08 versions...

CVE-2023-27631

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in mmrs151 Daily Prayer Time plugin = 2023.05.04 versions...

CVE-2023-47817

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mmrs151 Daily Prayer Time plugin = 2023.10.13 versions...

CVE-2021-24523

The Daily Prayer Time WordPress plugin before 2021.08.10 does not sanitise or escape some of its settings before outputting them in the page, leading to Authenticated Stored Cross-Site Scripting issues...

CVE-2024-8621

The Daily Prayer Time plugin for WordPress is vulnerable to SQL Injection via the 'maxword' attribute of the 'quranverse' shortcode in all versions up to, and including, 2024.08.26 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

CVE-2024-8621 Daily Prayer Time <= 2024.08.26 - Authenticated (Contributor+) SQL Injection

The Daily Prayer Time plugin for WordPress is vulnerable to SQL Injection via the 'maxword' attribute of the 'quranverse' shortcode in all versions up to, and including, 2024.08.26 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

WordPress plugin Daily Prayer Time SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A SQL injection...

WordPress Daily Prayer Time plugin <= 2024.08.26 - Authenticated (Contributor+) SQL Injection vulnerability

Authenticated Contributor+ SQL Injection vulnerability discovered by Krzysztof Zając in WordPress Plugin Daily Prayer Time versions = 2024.08.26...

PT-2024-39136 · WordPress · Daily Prayer Time

Name of the Vulnerable Software and Affected Versions: Daily Prayer Time plugin for WordPress versions up to, and including, 2024.08.26 Description: The issue arises from insufficient escaping on the user-supplied max word attribute of the quran verse shortcode and lack of sufficient preparation ...

WordPress Daily Prayer Time Plugin <= 2024.08.26 is vulnerable to SQL Injection

Software Daily Prayer Time Type Plugin Vulnerable versions = 2024.08.26 Fixed in 2024.09.14 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-8621 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID bdae70687f12 Credits Krzysztof Zając Required privilege...

Daily Prayer Time < 2023.10.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

Description The Daily Prayer Time plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2023.10.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2023-47817

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mmrs151 Daily Prayer Time plugin = 2023.10.13 versions...

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mmrs151 Daily Prayer Time plugin = 2023.10.13 versions...

CVE-2023-47817

CVE-2023-47817 is a Cross-Site Scripting (XSS) vulnerability in the WordPress plugin mmrs151 Daily Prayer Time, affecting versions up to 2023.10.13. Public sources confirm improper neutralization of input during web page generation as the root cause. PatchStack documents a fixed release on 2023-1...

CVE-2023-47817 WordPress Daily Prayer Time Plugin <= 2023.10.13 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mmrs151 Daily Prayer Time plugin = 2023.10.13 versions...