12 matches found

EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2023-32322

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 9 | EPSS 0.00872
Exploits 2 | References 1

RedhatCVE
added 2025/05/23 3:37 a.m., 4 views

CVE-2023-28661

The WP Popup Banners WordPress Plugin, version = 1.2.5, is affected by an authenticated SQL injection vulnerability in the 'value' parameter in the getpopupdata action...

CVSS 8.8 | AI score 7.7 | EPSS 0.00872
Exploits 2 | References 1

OSV
added 2024/09/12 6:15 a.m., 3 views

CVE-2024-5799

The CM Pop-Up Banners for WordPress plugin before 1.7.3 does not sanitise and escape some of its popup fields, which could allow high privilege users such as Contributors to perform Cross-Site Scripting attacks...

CVSS 4.8 | AI score 5.8 | EPSS 0.00312
Exploits 1 | References 1

OpenVAS
added 2023/10/12 12:00 a.m., 17 views

WordPress WP Popup Banners Plugin <= 1.2.5 Multiple SQLi Vulnerabilities

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:accesspressthemes:wppopupbanners"; if description...

CVSS 8.8 | AI score 7.2 | EPSS 0.0094
Exploits 2 | References 2

Prion
added 2023/03/22 9:15 p.m., 19 views

Sql injection

The WP Popup Banners WordPress Plugin, version = 1.2.5, is affected by an authenticated SQL injection vulnerability in the 'value' parameter in the getpopupdata action...

CVSS 6.5 | AI score 8.9 | EPSS 0.00872
Exploits 2 | References 1 | Affected Software 1

CNNVD
added 2023/03/22 12:00 a.m., 2 views

WordPress Plugin WP Popup Banners SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 8.8 | AI score 8.6 | EPSS 0.00872
Exploits 2 | References 3

wpexploit
added 2023/03/22 12:00 a.m., 90 views

WP Popup Banners <= 1.2.5 - Subscriber+ SQLi

The plugin does not properly sanitise and escape the value parameter before using it in a SQL statement via the getpopupdata AJAX action, leading to a SQL injection exploitable by any authenticated user, such as a subscriber. Run the below command in the developer console of the web browser while...

CVSS 8.8 | AI score 9.2 | EPSS 0.00872
Exploits 2 | References 1

CVE
added 2023/03/22 12:00 a.m., 61 views

CVE-2023-28661

CVE-2023-28661 concerns the WordPress plugin WP Popup Banners (versions ≤ 1.2.5). The vulnerability is an authenticated SQL injection in the get_popup_data action via the value parameter. It is documented as affecting the plugin with a CVSS v3.1 score of 8.8 (High) and impact on confidentiality, ...

CVSS 8.8 | AI score 8.9 | EPSS 0.00872
Exploits 2 | References 1 | Affected Software 1

Patchstack
added 2023/03/20 12:00 a.m., 13 views

WordPress WP Popup Banners Plugin <= 1.2.5 is vulnerable to SQL Injection

Software: WP Popup Banners; Type: Plugin; Vulnerable versions: = 1.2.5; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-1471; Patch priority: High; CVSS severity: High 7.1; PSID: 0e757b087b40; Credits: Etan Imanol Castro Aldrete; Required privilege...

CVSS 8.8 | AI score 6.8 | EPSS 0.0094
Exploits 0 | References 2 | Affected Software 1

Vulnrichment
added 2023/03/17 1:08 p.m., 8 views

CVE-2023-1471 WP Popup Banners <= 1.2.5 - Authenticated (Subscriber+) SQL Injection

The WP Popup Banners plugin for WordPress is vulnerable to SQL Injection via the 'bannerid' parameter in versions up to, and including, 1.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 8.8 | AI score 6.9 | EPSS 0.0094
Exploits 0 | References 3

CVE
added 2023/03/17 1:08 p.m., 60 views

CVE-2023-1471

CVE-2023-1471 concerns the WordPress plugin WP Popup Banners up to version 1.2.5. The vulnerability is an SQL Injection via the banner_id parameter caused by insufficient escaping and inadequate query preparation. An authenticated attacker with minimal privileges (e.g., a subscriber) can inject ...

CVSS 8.8 | AI score 6.9 | EPSS 0.0094
Exploits 0 | References 3 | Affected Software 1

CNNVD
added 2023/03/17 12:00 a.m., 6 views

WordPress plugin WP Popup Banners SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin WP Popup...

CVSS 8.8 | AI score 7.2 | EPSS 0.0094
Exploits 0 | References 4