71 matches found
CVE-2023-51423
CVE-2023-51423 affects Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings (WebinarIgnition) up to version 3.05.0. The issue is an unauthenticated SQL Injection caused by improper neutralization of input in SQL commands, enabling an attacker to execute arbitra...
CVE-2023-51423 WordPress WebinarIgnition Plugin <= 3.05.0 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saleswonder Team Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition.This issue affects Webinar Plugin: Create live/evergreen/automated/instan...
CVE-2023-51422
Deserialization of Untrusted Data vulnerability in Saleswonder Team Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition.This issue affects Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings |...
CVE-2023-51422 WordPress WebinarIgnition Plugin <= 3.05.0 is vulnerable to PHP Object Injection
Deserialization of Untrusted Data vulnerability in Saleswonder Team Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition.This issue affects Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings |...
WordPress WebinarIgnition Plugin <= 3.05.0 is vulnerable to SQL Injection
Software WebinarIgnition Type Plugin Vulnerable versions = 3.05.0 Fixed in 3.05.1 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-51423 Patch priority High CVSS severity High 9.3 Developer Tobias PSID 4af5f3a4f181 Credits Rafie Muhammad Patchstack Required privilege...
WordPress WebinarIgnition Plugin <= 3.05.0 is vulnerable to PHP Object Injection
Software WebinarIgnition Type Plugin Vulnerable versions = 3.05.0 Fixed in 3.05.5 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2023-51422 Patch priority High CVSS severity High 9.9 Developer Tobias PSID 079b96cbbb6e Credits Rafie Muhammad Patchstack Required privilege...
WordPress WebinarIgnition Plugin <= 3.05.0 is vulnerable to Privilege Escalation
Software WebinarIgnition Type Plugin Vulnerable versions = 3.05.0 Fixed in 3.05.1 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-51424 Patch priority High CVSS severity High 9.8 Developer Tobias PSID 3efa2fc5ee63 Credits Rafie Muhammad...
WordPress WebinarIgnition Plugin < 3.01.3 is vulnerable to Cross Site Scripting (XSS)
Software WebinarIgnition Type Plugin Vulnerable versions 3.01.3 Fixed in 3.01.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Tobias PSID 30c1e2f35176 Credits Rafie Muhammad Patchstack Required...
CVE-2023-25023 WordPress WebinarIgnition Plugin <= 2.14.2 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Saleswonder.Biz Webinar ignition plugin = 2.14.2 versions...
WebinarIgnition < 2.14.3 - Admin+ Stored XSS
The plugin does not sanitise and escape the appname and webinardesc parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress WebinarIgnition Plugin <= 2.14.2 is vulnerable to Cross Site Scripting (XSS)
Software WebinarIgnition Type Plugin Vulnerable versions = 2.14.2 Fixed in 2.14.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25023 Patch priority Low CVSS severity Low 5.9 Developer Tobias PSID 33feb79d5847 Credits yuyudhn Required privilege...