Lucene search
K

4 matches found

Nuclei
Nuclei
added yesterday20 views

AP Pricing Tables Lite <= 1.1.6 - SQL Injection

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins. id: CVE-2023-0900 info: name: AP Pricing Tables Lite = 1.1.6 - SQL Injection author: r3Y3r53 severity: high description: ...

7.2CVSS7.1AI score0.03229EPSS
Exploits2References3
Patchstack
Patchstack
added 2023/05/15 12:0 a.m.13 views

WordPress AP Pricing Tables Lite Plugin <= 1.1.6 is vulnerable to SQL Injection

Software AP Pricing Tables Lite Type Plugin Vulnerable versions = 1.1.6 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0900 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 2904c68cd1aa Credits Simone Onofri Donato Onofri Required privileg...

7.2CVSS6.8AI score0.03229EPSS
Exploits2References3Affected Software1
wpexploit
wpexploit
added 2023/05/10 12:0 a.m.152 views

AP Pricing Tables Lite <= 1.1.6 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins. POST /wp-admin/admin-ajax.php HTTP/1.1 Host: localhost Content-Length: 115 Accept: / Content-Type:...

7.2CVSS9.8AI score0.03229EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2022/02/28 12:0 a.m.27 views

AP Pricing Tables Lite < 1.1.5 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape the postid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. PoC https://example.com/wp-admin/admin.php?page=ap-pricing-tables-lite-add-new=1'...

6.1CVSS6.2AI score0.00853EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder