8 matches found
CVE-2023-5041
The Track The Click WordPress plugin before 0.3.12 does not properly sanitize query parameters to the stats REST endpoint before using them in a database query, allowing a logged-in user with an author role or higher to perform time-based blind SQLi attacks on the database...
CVE-2023-5041
The Track The Click WordPress plugin before 0.3.12 does not properly sanitize query parameters to the stats REST endpoint before using them in a database query, allowing a logged-in user with an author role or higher to perform time-based blind SQLi attacks on the database...
CVE-2023-5041 Track The Click < 0.3.12 - Author+ Time-Based Blind SQL Injection
The Track The Click WordPress plugin before 0.3.12 does not properly sanitize query parameters to the stats REST endpoint before using them in a database query, allowing a logged-in user with an author role or higher to perform time-based blind SQLi attacks on the database...
CVE-2023-5041
The CVE-2023-5041 entry concerns the Track The Click WordPress plugin (versions before 0.3.12). Root cause: improper sanitization of query parameters to the stats REST endpoint, enabling a time-based blind SQL injection in database queries when accessed by an authenticated user with author role o...
PT-2024-13936 · WordPress · Track The Click
Name of the Vulnerable Software and Affected Versions: The Track The Click WordPress plugin versions prior to 0.3.12. Description: The issue arises from the plugin's failure to properly sanitize query parameters to the stats REST endpoint before using them in a database query. This allows a...
WordPress Plugin Track The Click Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers. WordPress plugin is an...
WordPress Track The Click Plugin < 0.3.12 is vulnerable to SQL Injection
Software: Track The Click; Type: Plugin; Vulnerable versions: 0.3.12; Fixed in: 0.3.12; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-5041; Patch priority: Low; CVSS severity: Low 8.5; PSID: 1853e39ba601; Credits: Karolis Narvilas; Required privilege: Author; Publish...
Track The Click < 0.3.12 - Author+ Time-Based Blind SQL Injection
Description: The plugin does not properly sanitize query parameters to the stats REST endpoint before using them in a database query, allowing a logged-in user with an author role or higher to perform time-based blind SQLi attacks on the database. Version 0.3.11 changes the API endpoint to only be...