4 matches found
AP Pricing Tables Lite <= 1.1.6 - SQL Injection
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins. id: CVE-2023-0900 info: name: AP Pricing Tables Lite = 1.1.6 - SQL Injection author: r3Y3r53 severity: high description: ...
WordPress AP Pricing Tables Lite Plugin <= 1.1.6 is vulnerable to SQL Injection
Software AP Pricing Tables Lite Type Plugin Vulnerable versions = 1.1.6 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0900 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 2904c68cd1aa Credits Simone Onofri Donato Onofri Required privileg...
AP Pricing Tables Lite <= 1.1.6 - Admin+ SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins. POST /wp-admin/admin-ajax.php HTTP/1.1 Host: localhost Content-Length: 115 Accept: / Content-Type:...
AP Pricing Tables Lite < 1.1.5 - Reflected Cross-Site Scripting
The plugin does not sanitize and escape the postid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. PoC https://example.com/wp-admin/admin.php?page=ap-pricing-tables-lite-add-new=1'...