WordPress Ad Invalid Click Protector (AICP) Plugin 1.2.9 is vulnerable to Backdoor

Software Ad Invalid Click Protector AICP Type Plugin Vulnerable versions 1.2.9 Fixed in 1.2.10 OWASP Top 10 A3: Injection Classification Backdoor CVE CVE-2024-6297 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 443fcb84403b Credits WordFence Required privilege...

Cross site request forgery (csrf)

The Ad Invalid Click Protector AICP WordPress plugin before 1.2.7 does not have CSRF check deleting banned users, which could allow attackers to make a logged in admin remove arbitrary bans...

WordPress Ad Invalid Click Protector (AICP) plugin <= 1.2.5.2 - Cross-Site Request Forgery (CSRF) vulnerability

Banned users deletion via Cross-Site Request Forgery CSRF vulnerability in WordPress Ad Invalid Click Protector AICP plugin versions = 1.2.5.2. Solution Update the WordPress Ad Invalid Click Protector AICP plugin to the latest available version at least 1.2.6...

WordPress Ad Invalid Click Protector (AICP) plugin SQL injection vulnerability

WordPress is a blogging platform developed by the Wordpress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers.A SQL injection vulnerability exists in versions prior to WordPress Ad Invalid Click Protector AICP plugin 1.2.6, which stems from ...

WordPress Ad Invalid Click Protector (AICP) plugin <= 1.2.5.2 - SQL injection (SQLi) vulnerability

SQL injection SQLi vulnerability discovered by Krzysztof Zając in WordPress Ad Invalid Click Protector AICP plugin versions = 1.2.5.2. Solution Update the WordPress Ad Invalid Click Protector AICP plugin to the latest available version at least 1.2.6...