518 matches found
CVE-2023-3077
The MStore API WordPress plugin before 3.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugin's pro features, an...
SQL injection
The MStore API WordPress plugin before 3.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugin's pro features, an...
CVE-2023-3077 MStore API < 3.9.8 - Unauthenticated Blind SQLi
The MStore API WordPress plugin before 3.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugin's pro features, an...
Easy!Appointments Input Validation Error Vulnerability
Easy!Appointments is a web-based appointment and schedule management system. An input validation error vulnerability exists in versions of Easy!Appointments prior to 1.5.0, which originates from a redirect that opens up...
PT-2023-22967 · WordPress · Mstore Api +1
Name of the Vulnerable Software and Affected Versions: MStore API WordPress plugin versions prior to 3.9.8 Description: The issue is related to a Blind SQL injection that can be exploited by unauthenticated users. This occurs because a parameter is not properly sanitised and escaped before being...
CVE-2023-2628
The KiviCare WordPress plugin before 3.2.1 has CSRF checks that are either flawed or missing completely in various AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. This includes, but is not limited to: Delete arbitrary...
Cross-site request forgery (CSRF)
The KiviCare WordPress plugin before 3.2.1 has CSRF checks that are either flawed or missing completely in various AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. This includes, but is not limited to: Delete arbitrary...
CVE-2023-2628 KiviCare Management System < 3.2.1 - Multiple CSRF
The KiviCare WordPress plugin before 3.2.1 has CSRF checks that are either flawed or missing completely in various AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. This includes, but is not limited to: Delete arbitrary...
PT-2023-20582 · WordPress · Kivicare
Name of the Vulnerable Software and Affected Versions: KiviCare WordPress plugin versions prior to 3.2.1 Description: The issue concerns the lack of CSRF checks in various AJAX actions, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks. This includes...
CVE-2023-29427
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in TMS Booking for Appointments and Events Calendar – Amelia plugin <= 1.0.75 versions...
CVE-2023-29427
CVE-2023-29427 – Amelia WordPress plugin : Unauthenticated Reflected Cross-Site Scripting (XSS) in the TMS Booking for Appointments and Events Calendar. Affected versions: Amelia plugin
CVE-2023-29427 WordPress Amelia Plugin <= 1.0.75 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in TMS Booking for Appointments and Events Calendar – Amelia plugin <= 1.0.75 versions...
MStore API < 3.9.8 - Unauthenticated Blind SQLi
The plugin does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugin's pro features, and uses the woocommerce-appointment...
CVE-2023-24599
OX App Suite before backend 7.10.6-rev37 allows authenticated users to change the appointments of arbitrary users via conflicting ID numbers, aka "ID confusion."...