9 matches found
CVE-2024-7150
The Slider by 10Web – Responsive Image Slider plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 1.2.57 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
WordPress Slider by 10Web Plugin <= 1.2.57 is vulnerable to SQL Injection
Software: Slider by 10Web; Type: Plugin; Vulnerable versions: <= 1.2.57; Fixed in: 1.2.58; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-7150; Patch priority: Low; CVSS severity: Low 8.5; PSID: 4ad1a30beb69; Credits: Arkadiusz Hydzik; Required privilege: Contributor...
PT-2024-38112 · 10Web · The Slider By 10Web
Name of the Vulnerable Software and Affected Versions: The Slider by 10Web – Responsive Image Slider plugin for WordPress versions up to, and including, 1.2.57 Description: The issue is related to time-based SQL Injection via the id parameter due to insufficient escaping on the user-supplied...
PT-2024-37602 · 10Web · The Slider By 10Web
Name of the Vulnerable Software and Affected Versions: The Slider by 10Web WordPress plugin versions prior to 1.2.57 Description: The issue allows high privilege users, such as editors and above, to perform Cross-Site Scripting attacks, even when unfiltered html is disallowed, due to the lack of...
WordPress plugin Slider by 10Web security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...
Cross-site request forgery (CSRF)
The DPD Baltic Shipping WordPress plugin before 1.2.57 does not have authorisation and CSRF checks in an AJAX action, which could allow any authenticated user, such as a subscriber, to delete arbitrary options from the blog, which could make the blog unavailable...
PT-2022-25157 · WordPress · Dpd Baltic Shipping
Name of the Vulnerable Software and Affected Versions: DPD Baltic Shipping WordPress plugin versions prior to 1.2.57 Description: The issue concerns a lack of authorisation and CSRF protection in an AJAX action. This could allow any authenticated user to delete arbitrary options from the blog,...
AZL-43573 CVE-2017-12652 affecting package libpng12 1.2.57-16
libpng before 1.6.32 does not properly check the length of chunks against the user limit...
AZL-43975 CVE-2010-1205 affecting package libpng12 1.2.57-16
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row...