65 matches found
PT-2024-37963 · WordPress · Truebooker
Name of the Vulnerable Software and Affected Versions: The TrueBooker WordPress plugin versions prior to 1.0.3 Description: The issue is related to the lack of a CSRF check when updating settings in the plugin. This could allow attackers to make a logged-in admin change settings via a CSRF attack...
WordPress TrueBooker plugin <= 1.0.2 - Multiple Unauthenticated SQLi vulnerability
Multiple Unauthenticated SQLi vulnerability discovered by Project Black in WordPress Plugin TrueBooker versions = 1.0.2...
WordPress TrueBooker plugin <= 1.0.2 - Settings Update via CSRF vulnerability
Settings Update via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin TrueBooker versions = 1.0.2...
WordPress TrueBooker Plugin <= 1.0.2 is vulnerable to SQL Injection
Software TrueBooker Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-6924 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID bf0618e9b2e8 Credits Project Black Required privilege Unauthenticated...
WordPress TrueBooker Plugin <= 1.0.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software TrueBooker Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-6925 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6cf1cde3d661 Credits Bob Matyas Required privile...