Lucene search
K

215 matches found

patchstack
patchstack
added 2022/02/19 12:0 a.m.90 views

WordPress WCFM – Frontend Manager for WooCommerce plugin <= 6.6.1 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection SQLi vulnerability discovered in WordPress WCFM – Frontend Manager for WooCommerce plugin versions = 6.6.1. Solution Update the WordPress WCFM – Frontend Manager for WooCommerce plugin to the latest available version at least 6.6.2...

3.2AI score
Exploits0References1Affected Software1
osv
osv
added 2021/12/21 9:15 a.m.3 views

CVE-2021-24849

The wcfmajaxcontroller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections...

9.8CVSS5.8AI score0.0848EPSS
Exploits2References1
nvd
nvd
added 2021/12/21 9:15 a.m.27 views

CVE-2021-24849

The wcfmajaxcontroller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections...

9.8CVSS0.0848EPSS
Exploits2References1
prion
prion
added 2021/12/21 9:15 a.m.22 views

Sql injection

The wcfmajaxcontroller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections...

7.5CVSS9.5AI score0.0848EPSS
Exploits2References1Affected Software1
cvelist
cvelist
added 2021/12/21 8:45 a.m.25 views

CVE-2021-24849 WCFM - WooCommerce Multivendor Marketplace < 3.4.12 - Unauthenticated SQL Injection

The wcfmajaxcontroller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections...

9.9AI score0.0848EPSS
Exploits2References1
cve
cve
added 2021/12/21 8:45 a.m.99 views

CVE-2021-24849

The CVE-2021-24849 entry concerns the WCFM Marketplace WordPress plugin (versions prior to 3.4.12). The wcfm_ajax_controller AJAX action, accessible to both unauthenticated and authenticated users, fails to properly sanitise multiple parameters before including them in SQL queries, enabling SQL i...

9.8CVSS9.6AI score0.0848EPSS
Exploits2References1Affected Software1
patchstack
patchstack
added 2021/11/22 12:0 a.m.18 views

WordPress WCFM Marketplace plugin <= 3.4.11 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection SQLi vulnerability discovered by JrXnm in WordPress WCFM Marketplace plugin versions = 3.4.11. Solution Update the WordPress WCFM Marketplace plugin to the latest available version at least 3.4.12...

9.8CVSS3AI score0.0848EPSS
Exploits2References3Affected Software1
wpvulndb
wpvulndb
added 2021/11/22 12:0 a.m.31 views

WCFM - WooCommerce Multivendor Marketplace < 3.4.12 - Unauthenticated SQL Injection

The wcfmajaxcontroller AJAX action of the plugin, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections PoC v 3.4.11 POST /wp-admin/admin-ajax.php HTTP/1.1 Accept:...

9.8CVSS1.5AI score0.0848EPSS
Exploits2Affected Software1
cnvd
cnvd
added 2021/11/10 12:0 a.m.25 views

WordPress Plugin SQL Injection Vulnerability (CNVD-2021-101478)

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on PHP and MySQL servers. WordPress Plugin is a WordPress open source application plugin. SQL injection vulnerability exists in the Wordpress...

8.8CVSS2.6AI score0.01292EPSS
Exploits2References1
nvd
nvd
added 2021/11/08 6:15 p.m.24 views

CVE-2021-24835

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible WordPress plugin before 6.5.12, when used in combination with another WCFM - WooCommerce Multivendor plugin such as WCFM - WooCommerce Multivendor Marketplace, does not escape the withdrawalvendor...

8.8CVSS0.01292EPSS
Exploits2References1
prion
prion
added 2021/11/08 6:15 p.m.20 views

Sql injection

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible WordPress plugin before 6.5.12, when used in combination with another WCFM - WooCommerce Multivendor plugin such as WCFM - WooCommerce Multivendor Marketplace, does not escape the withdrawalvendor...

6.5CVSS8.8AI score0.01292EPSS
Exploits2References1Affected Software1
cvelist
cvelist
added 2021/11/08 5:35 p.m.29 views

CVE-2021-24835 WCFM - Frontend Manager for WooCommerce < 6.5.12 - Customer/Subscriber+ SQL Injection

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible WordPress plugin before 6.5.12, when used in combination with another WCFM - WooCommerce Multivendor plugin such as WCFM - WooCommerce Multivendor Marketplace, does not escape the withdrawalvendor...

9.2AI score0.01292EPSS
Exploits2References1
cve
cve
added 2021/11/08 5:35 p.m.61 views

CVE-2021-24835

The CVE-2021-24835 entry concerns the WordPress plugin pair: WCFM – Frontend Manager for WooCommerce (versions before 6.5.12) together with WCFM – WooCommerce Multivendor/M marketplace. The flaw is failure to escape the withdrawal_vendor parameter before using it in a SQL statement, enabling SQL ...

8.8CVSS9AI score0.01292EPSS
Exploits2References1Affected Software1
wpvulndb
wpvulndb
added 2021/10/11 12:0 a.m.17 views

WCFM - Frontend Manager for WooCommerce < 6.5.12 - Customer/Subscriber+ SQL Injection

The plugin, when used in combination with another WCFM - WooCommerce Multivendor plugin such as WCFM - WooCommerce Multivendor Marketplace, does not escape the withdrawalvendor parameter before using it in a SQL statement, allowing low privilege users such as Subscribers to perform SQL injection...

8.8CVSS3.1AI score0.01292EPSS
Exploits2Affected Software1
patchstack
patchstack
added 2021/10/11 12:0 a.m.14 views

WordPress WCFM – Frontend Manager for WooCommerce plugin <= 6.5.11 - SQL Injection (SQLi) vulnerability

SQL Injection SQLi vulnerability discovered by JrXnm in WordPress WCFM – Frontend Manager for WooCommerce plugin versions = 6.5.11. Solution Update the WordPress WCFM – Frontend Manager for WooCommerce plugin to the latest available version at least 6.5.12...

3.2AI score0.01292EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder