12 matches found
EUVD-2023-32322
Malicious code in bioql PyPI...
CVE-2023-28661
The WP Popup Banners WordPress Plugin, version <= 1.2.5, is affected by an authenticated SQL injection vulnerability in the 'value' parameter in the get_popup_data action...
CVE-2024-5799
The CM Pop-Up Banners for WordPress plugin before 1.7.3 does not sanitise and escape some of its popup fields, which could allow high privilege users such as Contributors to perform Cross-Site Scripting attacks...
WordPress WP Popup Banners Plugin <= 1.2.5 Multiple SQLi Vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:accesspressthemes:wppopupbanners"; if description...
SQL injection
The WP Popup Banners WordPress Plugin, version <= 1.2.5, is affected by an authenticated SQL injection vulnerability in the 'value' parameter in the get_popup_data action...
WordPress Plugin WP Popup Banners SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WP Popup Banners <= 1.2.5 - Subscriber+ SQLi
The plugin does not properly sanitise and escape the value parameter before using it in a SQL statement via the get_popup_data AJAX action, leading to a SQL injection exploitable by any authenticated users, such as subscriber. Run the below command in the developer console of the web browser while...
CVE-2023-28661
CVE-2023-28661 concerns the WordPress plugin WP Popup Banners (versions ≤ 1.2.5). The vulnerability is an authenticated SQL injection in the get_popup_data action via the value parameter. It is documented as affecting the plugin with a CVSS v3.1 score of 8.8 (High) and impact on confidentiality, ...
WordPress WP Popup Banners Plugin <= 1.2.5 is vulnerable to SQL Injection
Software: WP Popup Banners; Type: Plugin; Vulnerable versions: <= 1.2.5; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-1471; Patch priority: High; CVSS severity: High (7.1); PSID: 0e757b087b40; Credits: Etan Imanol Castro Aldrete; Required privilege...
CVE-2023-1471 WP Popup Banners <= 1.2.5 - Authenticated (Subscriber+) SQL Injection
The WP Popup Banners plugin for WordPress is vulnerable to SQL Injection via the 'banner_id' parameter in versions up to, and including, 1.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2023-1471
CVE-2023-1471 concerns the WordPress plugin WP Popup Banners up to version 1.2.5. The vulnerability is an SQL Injection via the banner_id parameter caused by insufficient escaping and inadequate query preparation. An authenticated attacker with minimal privileges (e.g., a subscriber) can inject ...
WordPress plugin WP Popup Banners SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin WP Popup...