34 matches found
CVE-2024-12615
The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb-prefix value in several AJAX actions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2024-12614
The Passwords Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pmssavesetting' and 'postnewpass' AJAX actions in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with...
CVE-2024-12615
The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb-prefix value in several AJAX actions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2024-12614
The Passwords Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pmssavesetting' and 'postnewpass' AJAX actions in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with...
CVE-2024-12615
The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb-prefix value in several AJAX actions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2024-12613
The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb-prefix value in several AJAX fuctions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2024-12613
The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb-prefix value in several AJAX fuctions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2024-12615 Passwords Manager <= 1.4.8 - Authenticated (Subscriber+) SQL Injection
The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb-prefix value in several AJAX actions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2024-12613
CVE-2024-12613 pertains to the WordPress Passwords Manager plugin. The initial description confirms an unauthenticated SQL Injection via the $wpdb->prefix value in several AJAX functions, affecting all versions up to and including 1.4.8, due to insufficient escaping and poor query preparation....
CVE-2024-12615
CVE-2024-12615 affects the Passwords Manager plugin for WordPress. It enables SQL Injection via the $wpdb->prefix value in several AJAX actions in all versions up to and including 1.4.8 due to insufficient escaping of the user-supplied parameter and inadequate preparation of the SQL query. Exp...
CVE-2024-12615 Passwords Manager <= 1.4.8 - Authenticated (Subscriber+) SQL Injection
The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb-prefix value in several AJAX actions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2024-12613 Passwords Manager <= 1.4.8 - Unauthenticated SQL Injection
The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb-prefix value in several AJAX fuctions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2024-12613 Passwords Manager <= 1.4.8 - Unauthenticated SQL Injection
The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb-prefix value in several AJAX fuctions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2024-12614 Passwords Manager <= 1.4.8 - Missing Authorization to Authenticated (Subscriber+) Add Password + Update Encryption Key
The Passwords Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pmssavesetting' and 'postnewpass' AJAX actions in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with...
CVE-2024-12614
CVE-2024-12614 affects the Passwords Manager WordPress plugin (versions up to 1.4.8). The issue is a missing capability check on AJAX actions pms_save_setting and post_new_pass, enabling authenticated users with Subscriber+ privileges to modify plugin settings and add passwords. Public sources (W...
CVE-2024-12614 Passwords Manager <= 1.4.8 - Missing Authorization to Authenticated (Subscriber+) Add Password + Update Encryption Key
The Passwords Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pmssavesetting' and 'postnewpass' AJAX actions in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with...
WordPress plugin Passwords Manager SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...
WordPress plugin Passwords Manager SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...
PT-2025-1912 · WordPress · Passwords Manager
Name of the Vulnerable Software and Affected Versions: Passwords Manager plugin for WordPress versions 1.4.8 and earlier Description: The issue is related to SQL Injection via the $wpdb-prefix value in several AJAX functions due to insufficient escaping on the user supplied parameter and lack of...
WordPress plugin Passwords Manager SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...