14 matches found
WordPress Ad Invalid Click Protector (AICP) Plugin 1.2.9 is vulnerable to Backdoor
Software: Ad Invalid Click Protector AICP; Type: Plugin; Vulnerable versions: 1.2.9; Fixed in: 1.2.10; OWASP Top 10: A3: Injection; Classification: Backdoor; CVE: CVE-2024-6297; Patch priority: High; CVSS severity: High (10); PSID: 443fcb84403b; Credits: WordFence; Required privilege...
CVE-2022-0191
The Ad Invalid Click Protector AICP WordPress plugin before 1.2.7 does not have a CSRF check when deleting banned users, which could allow attackers to make a logged-in admin remove arbitrary bans...
Cross-site request forgery (CSRF)
The Ad Invalid Click Protector AICP WordPress plugin before 1.2.7 does not have a CSRF check when deleting banned users, which could allow attackers to make a logged-in admin remove arbitrary bans...
CVE-2022-0191
The CVE-2022-0191 entry concerns the Ad Invalid Click Protector (AICP) WordPress plugin prior to version 1.2.7. The root cause is a missing CSRF check when deleting banned users, which lets an attacker make a logged-in administrator remove arbitrary bans via CSRF. Documents confirm this affects the AICP plugin a...
WordPress Ad Invalid Click Protector (AICP) plugin <= 1.2.5.2 - Cross-Site Request Forgery (CSRF) vulnerability
Banned users deletion via Cross-Site Request Forgery (CSRF) vulnerability in WordPress Ad Invalid Click Protector AICP plugin versions <= 1.2.5.2. Solution: Update the WordPress Ad Invalid Click Protector AICP plugin to the latest available version (at least 1.2.6)...
WordPress Ad Invalid Click Protector (AICP) plugin <= 1.2.6 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress Ad Invalid Click Protector AICP plugin versions <= 1.2.6. Solution: Update the WordPress Ad Invalid Click Protector AICP plugin to the latest available version (at least 1.2.7)...
WordPress Ad Invalid Click Protector (AICP) plugin SQL injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. A SQL injection vulnerability exists in versions of the WordPress Ad Invalid Click Protector AICP plugin prior to 1.2.6, which stems from ...
CVE-2022-0190
The Ad Invalid Click Protector AICP WordPress plugin before 1.2.6 is affected by a SQL Injection in the id parameter of the delete action...
SQL injection
The Ad Invalid Click Protector AICP WordPress plugin before 1.2.6 is affected by a SQL Injection in the id parameter of the delete action...
CVE-2022-0190 Ad Invalid Click Protector (AICP) < 1.2.6 - Authenticated SQL Injection
The Ad Invalid Click Protector AICP WordPress plugin before 1.2.6 is affected by a SQL Injection in the id parameter of the delete action...
CVE-2022-0190
The CVE-2022-0190 entry concerns the Ad Invalid Click Protector (AICP) WordPress plugin, affected in versions prior to 1.2.6. The root cause is a SQL Injection vulnerability in the id parameter of the delete action, enabling an attacker to manipulate database queries. Impact is described as Parti...
Ad Invalid Click Protector (AICP) < 1.2.6 - Authenticated SQL Injection
The plugin is affected by a SQL Injection in the id parameter of the delete action. PoC: http://127.0.0.1:8001/wp-admin/admin.php?page=aicpbanneduserdetails&action=delete&id=0%20OR%201=1%20--%20k...
Ad Invalid Click Protector (AICP) < 1.2.6 - Authenticated SQL Injection
The plugin is affected by a SQL Injection in the id parameter of the delete action. http://127.0.0.1:8001/wp-admin/admin.php?page=aicpbanneduserdetails&action=delete&id=0%20OR%201=1%20--%20k...
WordPress Ad Invalid Click Protector (AICP) plugin <= 1.2.5.2 - SQL injection (SQLi) vulnerability
SQL injection (SQLi) vulnerability discovered by Krzysztof Zając in WordPress Ad Invalid Click Protector AICP plugin versions <= 1.2.5.2. Solution: Update the WordPress Ad Invalid Click Protector AICP plugin to the latest available version (at least 1.2.6)...