215 matches found
WordPress WCFM – Frontend Manager for WooCommerce plugin <= 6.6.1 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection SQLi vulnerability discovered in WordPress WCFM – Frontend Manager for WooCommerce plugin versions = 6.6.1. Solution Update the WordPress WCFM – Frontend Manager for WooCommerce plugin to the latest available version at least 6.6.2...
CVE-2021-24849
The wcfmajaxcontroller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections...
CVE-2021-24849
The wcfmajaxcontroller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections...
Sql injection
The wcfmajaxcontroller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections...
CVE-2021-24849 WCFM - WooCommerce Multivendor Marketplace < 3.4.12 - Unauthenticated SQL Injection
The wcfmajaxcontroller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections...
CVE-2021-24849
The CVE-2021-24849 entry concerns the WCFM Marketplace WordPress plugin (versions prior to 3.4.12). The wcfm_ajax_controller AJAX action, accessible to both unauthenticated and authenticated users, fails to properly sanitise multiple parameters before including them in SQL queries, enabling SQL i...
WordPress WCFM Marketplace plugin <= 3.4.11 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection SQLi vulnerability discovered by JrXnm in WordPress WCFM Marketplace plugin versions = 3.4.11. Solution Update the WordPress WCFM Marketplace plugin to the latest available version at least 3.4.12...
WCFM - WooCommerce Multivendor Marketplace < 3.4.12 - Unauthenticated SQL Injection
The wcfmajaxcontroller AJAX action of the plugin, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections PoC v 3.4.11 POST /wp-admin/admin-ajax.php HTTP/1.1 Accept:...
WordPress Plugin SQL Injection Vulnerability (CNVD-2021-101478)
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on PHP and MySQL servers. WordPress Plugin is a WordPress open source application plugin. SQL injection vulnerability exists in the Wordpress...
CVE-2021-24835
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible WordPress plugin before 6.5.12, when used in combination with another WCFM - WooCommerce Multivendor plugin such as WCFM - WooCommerce Multivendor Marketplace, does not escape the withdrawalvendor...
Sql injection
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible WordPress plugin before 6.5.12, when used in combination with another WCFM - WooCommerce Multivendor plugin such as WCFM - WooCommerce Multivendor Marketplace, does not escape the withdrawalvendor...
CVE-2021-24835 WCFM - Frontend Manager for WooCommerce < 6.5.12 - Customer/Subscriber+ SQL Injection
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible WordPress plugin before 6.5.12, when used in combination with another WCFM - WooCommerce Multivendor plugin such as WCFM - WooCommerce Multivendor Marketplace, does not escape the withdrawalvendor...
CVE-2021-24835
The CVE-2021-24835 entry concerns the WordPress plugin pair: WCFM – Frontend Manager for WooCommerce (versions before 6.5.12) together with WCFM – WooCommerce Multivendor/M marketplace. The flaw is failure to escape the withdrawal_vendor parameter before using it in a SQL statement, enabling SQL ...
WCFM - Frontend Manager for WooCommerce < 6.5.12 - Customer/Subscriber+ SQL Injection
The plugin, when used in combination with another WCFM - WooCommerce Multivendor plugin such as WCFM - WooCommerce Multivendor Marketplace, does not escape the withdrawalvendor parameter before using it in a SQL statement, allowing low privilege users such as Subscribers to perform SQL injection...
WordPress WCFM – Frontend Manager for WooCommerce plugin <= 6.5.11 - SQL Injection (SQLi) vulnerability
SQL Injection SQLi vulnerability discovered by JrXnm in WordPress WCFM – Frontend Manager for WooCommerce plugin versions = 6.5.11. Solution Update the WordPress WCFM – Frontend Manager for WooCommerce plugin to the latest available version at least 6.5.12...