Lucene search

17 matches found

EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2023-34173

Malicious code in bioql PyPI...

CVSS 4.8 | AI score 6.4 | EPSS 0.00131
Exploits 2 | References 1

RedhatCVE
added 2025/05/23 1:48 a.m. | 7 views

CVE-2023-2636

The AN_GradeBook WordPress plugin through 5.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber...

CVSS 8.8 | AI score 7.4 | EPSS 0.04597
Exploits 5 | References 1

Packet Storm
added 2023/07/31 12:00 a.m. | 419 views

WordPress AN_Gradebook 5.0.1 SQL Injection

#!/usr/bin/python3 Exploit Title: WordPress Plugin AN_Gradebook <= 5.0.1 - Subscriber+ SQLi Date: 2023-07-26 Exploit Author: Lukas Kinneberg Github: https://github.com/lukinneberg/CVE-2023-2636 Vendor Homepage: https://wordpress.org/plugins/an-gradebook/ Software Link:...

CVSS 8.8 | AI score 7.1 | EPSS 0.04597
Exploits 5

Prion
added 2023/07/17 2:15 p.m. | 19 views

SQL injection

The AN_GradeBook WordPress plugin through 5.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber...

CVSS 6.5 | AI score 8.9 | EPSS 0.04597
Exploits 5 | References 2 | Affected Software 1

Cvelist
added 2023/07/17 1:29 p.m. | 22 views

CVE-2023-2636 AN_GradeBook <= 5.0.1 - Subscriber+ SQLi

The AN_GradeBook WordPress plugin through 5.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber...

AI score 9.2 | EPSS 0.04597
Exploits 5 | References 2

CVE
added 2023/07/17 1:29 p.m. | 71 views

CVE-2023-2636

The CVE-2023-2636 entry concerns the WordPress plugin AN_GradeBook (up to version 5.0.1). The vulnerability arises because a parameter is not properly sanitized/escaped before being used in a SQL statement, enabling SQL injection. The impact is a potentially high-severity breach with the attack s...

CVSS 8.8 | AI score 8.9 | EPSS 0.04597
Exploits 5 | References 2 | Affected Software 1

CNNVD
added 2023/07/17 12:00 a.m. | 4 views

WordPress plugin AN_GradeBook SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...

CVSS 8.8 | AI score 8.5 | EPSS 0.04597
Exploits 5 | References 4

Prion
added 2023/07/10 4:15 p.m. | 10 views

Cross-site scripting

The AN_GradeBook WordPress plugin through 5.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 4.3 | AI score 4.7 | EPSS 0.00131
Exploits 2 | References 1 | Affected Software 1

CVE
added 2023/07/10 12:40 p.m. | 31 views

CVE-2023-2709

The CVE-2023-2709 entry relates to the AN_GradeBook WordPress plugin (≤ 5.0.1). It is a Stored XSS vulnerability caused by insufficient sanitization/escaping of certain settings, enabling a high-privilege user (e.g., an admin) to inject scripts even when unfiltered_html is disallowed (including m...

CVSS 4.8 | AI score 4.9 | EPSS 0.00131
Exploits 2 | References 1 | Affected Software 1

Vulnrichment
added 2023/07/10 12:40 p.m. | 11 views

CVE-2023-2709 AN_GradeBook <= 5.0.1 - Admin+ XSS

The AN_GradeBook WordPress plugin through 5.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

AI score 5.6 | EPSS 0.00131
Exploits 2 | References 1

Cvelist
added 2023/07/10 12:40 p.m. | 10 views

CVE-2023-2709 AN_GradeBook <= 5.0.1 - Admin+ XSS

The AN_GradeBook WordPress plugin through 5.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

AI score 5 | EPSS 0.00131
Exploits 2 | References 1

CNNVD
added 2023/07/10 12:00 a.m. | 1 view

WordPress plugin AN_GradeBook cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

CVSS 4.8 | AI score 6.3 | EPSS 0.00131
Exploits 2 | References 2

Patchstack
added 2023/06/26 12:00 a.m. | 10 views

WordPress AN_GradeBook Plugin <= 5.0.1 is vulnerable to SQL Injection

Software: AN_GradeBook; Type: Plugin; Vulnerable versions: <= 5.0.1; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-2636; Patch priority: High; CVSS severity: High 8.5; Developer: Claim ownership; PSID: 3bf8fa61c014; Credits: Lukas Kinneberg; Required privilege: Subscriber; Publishe...

CVSS 8.8 | AI score 6.7 | EPSS 0.04597
Exploits 5 | References 2 | Affected Software 1

wpexploit
added 2023/06/26 12:00 a.m. | 120 views

AN_GradeBook <= 5.0.1 - Subscriber+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. Access the following URL to demonstrate SQLi:...

CVSS 8.8 | AI score 9.8 | EPSS 0.04597
Exploits 5

Patchstack
added 2023/06/21 12:00 a.m. | 6 views

WordPress AN_GradeBook Plugin <= 5.0.1 is vulnerable to Cross Site Scripting (XSS)

Software: AN_GradeBook; Type: Plugin; Vulnerable versions: <= 5.0.1; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-2709; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: d35c35babbf4; Credits: Bob Matyas; Required privilege...

CVSS 4.8 | AI score 5.7 | EPSS 0.00131
Exploits 2 | References 3 | Affected Software 1

WPVulnDB
added 2023/06/19 12:00 a.m. | 21 views

AN_GradeBook <= 5.0.1 - Admin+ XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). PoC 1. When adding a new course in the plugin...

CVSS 4.8 | AI score 7.9 | EPSS 0.00131
Exploits 2 | Affected Software 1

wpexploit
added 2023/06/19 12:00 a.m. | 142 views

AN_GradeBook <= 5.0.1 - Admin+ XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 1. When adding a new course in the plugin setting...

CVSS 4.8 | AI score 8.4 | EPSS 0.00131
Exploits 2