22 matches found
EUVD-2024-45415
Malicious code in bioql PyPI...
EUVD-2024-30512
Malicious code in bioql PyPI...
EUVD-2024-29254
Malicious code in bioql PyPI...
CVE-2024-32725
Missing Authorization vulnerability in Saleswonder Team: Tobias 5 Stars Rating Funnel 5-stars-rating-funnel. This issue affects 5 Stars Rating Funnel: from n/a through <= 1.2.67...
CVE-2024-51579
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saleswonder Team: Tobias 5 Stars Rating Funnel 5-stars-rating-funnel. This issue affects 5 Stars Rating Funnel: from n/a through <= 1.4.01...
CVE-2024-31358
Missing Authorization vulnerability in Saleswonder Team: Tobias 5 Stars Rating Funnel 5-stars-rating-funnel. This issue affects 5 Stars Rating Funnel: from n/a through <= 1.2.67...
CVE-2024-51579
CVE-2024-51579 is a SQL Injection vulnerability in the WordPress plugin 5 Stars Rating Funnel (Builds up to 1.4.01). The issue arises from insufficient escaping of user-supplied input and lack of proper query preparation, enabling an authenticated attacker with Contributor+ privileges to potentia...
CVE-2024-51579 WordPress 5 Stars Rating Funnel plugin <=1.4.01 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saleswonder Team: Tobias 5 Stars Rating Funnel 5-stars-rating-funnel. This issue affects 5 Stars Rating Funnel: from n/a through <= 1.4.01...
WordPress 5 Stars Rating Funnel plugin <=1.4.01 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Trương Hữu Phúc (Patchstack Alliance) in WordPress Plugin 5 Stars Rating Funnel (versions <= 1.4.01)...
WordPress 5 Stars Rating Funnel Plugin <=1.4.01 is vulnerable to SQL Injection
Software: 5 Stars Rating Funnel; Type: Plugin; Vulnerable versions: <= 1.4.01; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-51579; Patch priority: Low; CVSS severity: Low 8.5; Developer: Tobias; PSID: a5f214d4be7a; Credits: Trương Hữu Phúc truonghuuphuc; Required privilege...
CVE-2024-32725
CVE-2024-32725 is a Missing Authorization vulnerability in the WordPress plugin 5 Stars Rating Funnel (5-stars-rating-funnel) affecting versions up to 1.2.67. The connected records indicate this is a publicly tracked issue with a patched status (patch details not provided in the sources). The CVE...
CVE-2024-32725 WordPress 5 Stars Rating Funnel plugin 1.2.67 - Broken Access Control vulnerability
Missing Authorization vulnerability in Saleswonder 5 Stars Rating Funnel. This issue affects 5 Stars Rating Funnel: from n/a through 1.2.67...
5 Stars Rating Funnel < 1.3.02 - Missing Authorization
Description: The 5 Stars Rating Funnel plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the includes/RRTNGGAjax.php file in versions up to, and including, 1.2.67. This makes it possible for unauthenticated attackers to perform...
WordPress 5 Stars Rating Funnel plugin 1.2.67 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin 5 Stars Rating Funnel (versions <= 1.2.67)...
PT-2024-24002 · Unknown · 5 Stars Rating Funnel
Name of the Vulnerable Software and Affected Versions: 5 Stars Rating Funnel versions 1.2.67 and earlier Description: The issue is related to a Missing Authorization vulnerability in the 5 Stars Rating Funnel. Recommendations: For versions 1.2.67 and earlier, update to a version that includes the...
WordPress 5 Stars Rating Funnel Plugin <= 1.2.67 is vulnerable to Arbitrary Content Deletion
Software: 5 Stars Rating Funnel; Type: Plugin; Vulnerable versions: <= 1.2.67; Fixed in: 1.3.02; OWASP Top 10: A1: Broken Access Control; Classification: Arbitrary Content Deletion; CVE: CVE-2024-31358; Patch priority: Medium; CVSS severity: Medium 7.5; Developer: Tobias; PSID: bd96c1e147ac; Credits: Emili Castells...
5 Stars Rating Funnel < 1.2.53 - Unauthenticated SQLi
Description: The plugin does not properly sanitise, validate and escape lead ids before using them in a SQL statement via the rrtnggdeleteleads AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue. There is an attempt to sanitise the input, using...
WordPress 5 Stars Rating Funnel plugin <= 1.2.50 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress 5 Stars Rating Funnel plugin (versions <= 1.2.50). Solution: Update the WordPress 5 Stars Rating Funnel plugin to the latest available version (at least 1.2.51)...