27 matches found
WordPress WZone plugin <= 14.0.10 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin WZone versions = 14.0.10...
WordPress WZone Plugin <= 14.0.33 is vulnerable to Cross Site Scripting (XSS)
Software WZone Type Plugin Vulnerable versions = 14.0.33 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33548 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 056b1a28280e Credits Rafie Muhammad Patchstack Required privile...
WordPress WZone Plugin <= 14.0.33 is vulnerable to SQL Injection
Software WZone Type Plugin Vulnerable versions = 14.0.33 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-33546 Patch priority High CVSS severity High 9.6 Developer Claim ownership PSID 44537a1aade6 Credits Rafie Muhammad Patchstack Required privilege Subscriber...
WordPress WZone Plugin <= 14.0.10 is vulnerable to SQL Injection
Software WZone Type Plugin Vulnerable versions = 14.0.10 Fixed in 14.0.31 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-33544 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 102966976300 Credits Rafie Muhammad Patchstack Required privilege...
WordPress WZone Plugin <= 14.0.33 is vulnerable to Broken Access Control
Software WZone Type Plugin Vulnerable versions = 14.0.33 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33545 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 24bb9a69dcd0 Credits Rafie Muhammad Patchstack Required...
WordPress WZone Plugin <= 14.0.33 is vulnerable to Broken Access Control
Software WZone Type Plugin Vulnerable versions = 14.0.33 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33547 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID 0e636c441e01 Credits Rafie Muhammad Patchstack Required...
CVE-2022-27628
Cross-Site Request Forgery CSRF vulnerability in AA-Team WZone – Lite Version plugin 3.1 Lite versions...