65 matches found
PT-2024-37962 · WordPress · Truebooker
Name of the Vulnerable Software and Affected Versions: The TrueBooker WordPress plugin versions prior to 1.0.3 Description: The issue is related to a SQL injection vulnerability. It occurs because the plugin does not properly sanitise and escape a parameter before using it in a SQL statement via ...
WordPress TrueBooker plugin <= 1.0.2 - Multiple Unauthenticated SQLi vulnerability
Multiple Unauthenticated SQLi vulnerability discovered by Project Black in WordPress Plugin TrueBooker versions = 1.0.2...
WordPress TrueBooker plugin <= 1.0.2 - Settings Update via CSRF vulnerability
Settings Update via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin TrueBooker versions = 1.0.2...
WordPress TrueBooker Plugin <= 1.0.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software TrueBooker Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-6925 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6cf1cde3d661 Credits Bob Matyas Required privile...
WordPress TrueBooker Plugin <= 1.0.2 is vulnerable to SQL Injection
Software TrueBooker Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-6924 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID bf0618e9b2e8 Credits Project Black Required privilege Unauthenticated...