20 matches found
EUVD-2023-53738
Malicious code in bioql PyPI...
CVE-2023-49830
Improper Control of Generation of Code 'Code Injection' vulnerability in Brainstorm Force Astra Pro.This issue affects Astra Pro: from n/a through 4.3.1...
CVE-2021-24507
The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST parameters from the astrapaginationinfinite and astrashoppaginationinfinite AJAX action available to both unauthenticated and authenticated user before using them in SQL statement, leading to an...
CVE-2023-49830
Improper Control of Generation of Code 'Code Injection' vulnerability in Brainstorm Force Astra Pro.This issue affects Astra Pro: from n/a through 4.3.1...
CVE-2023-49830
Improper Control of Generation of Code 'Code Injection' vulnerability in Brainstorm Force Astra Pro.This issue affects Astra Pro: from n/a through 4.3.1...
Code injection
Improper Control of Generation of Code 'Code Injection' vulnerability in Brainstorm Force Astra Pro.This issue affects Astra Pro: from n/a through 4.3.1...
CVE-2023-49830
CVE-2023-49830 concerns Brainstorm Force Astra Pro Addon (vulnerable: Astra Pro
CVE-2023-49830 WordPress Astra Pro Plugin <= 4.3.1 is vulnerable to Remote Code Execution (RCE)
Improper Control of Generation of Code 'Code Injection' vulnerability in Brainstorm Force Astra Pro.This issue affects Astra Pro: from n/a through 4.3.1...
Astra Pro < 4.3.2 - Authenticated(Contributor+) Remote Code Execution via Metabox
Description The Astra Pro Addon plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.3.1 via the ast-advanced-hook-php-code meta field. This makes it possible for authenticated attackers, with contributor access and above, to execute code on the serv...
WordPress Astra Pro Plugin <= 4.3.1 is vulnerable to Remote Code Execution (RCE)
Software Astra Pro Type Plugin Vulnerable versions = 4.3.1 Fixed in 4.3.2 OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2023-49830 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID 4758946ebae8 Credits Rafie Muhammad Patchstack Required...
WordPress Astra Pro Addon Plugin SQL Injection Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress Astra Pro Addon Plugin versions prior to 3.5.2, which stems...
CVE-2021-24507
The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST parameters from the astrapaginationinfinite and astrashoppaginationinfinite AJAX action available to both unauthenticated and authenticated user before using them in SQL statement, leading to an...
CVE-2021-24507
The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST parameters from the astrapaginationinfinite and astrashoppaginationinfinite AJAX action available to both unauthenticated and authenticated user before using them in SQL statement, leading to an...
Sql injection
The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST parameters from the astrapaginationinfinite and astrashoppaginationinfinite AJAX action available to both unauthenticated and authenticated user before using them in SQL statement, leading to an...
CVE-2021-24507
The CVE-2021-24507 case concerns the Astra Pro Addon WordPress plugin prior to 3.5.2, where POST parameters from the astra_pagination_infinite and astra_shop_pagination_infinite AJAX actions were not properly sanitised/escaped before being used in SQL statements. This (server-side) vulnerability ...
CVE-2021-24507 Astra Pro Addon < 3.5.2 - Unauthenticated SQL Injection
The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST parameters from the astrapaginationinfinite and astrashoppaginationinfinite AJAX action available to both unauthenticated and authenticated user before using them in SQL statement, leading to an...
WordPress SQL注入漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress Astra Pro Addon Plugin versions prior to 3.5.2, which stems...
WordPress Astra Pro premium plugin <= 3.5.1 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection SQLi vulnerability discovered by Ngoc Nguyen in WordPress Astra Pro premium plugin versions = 3.5.1. Solution Update the WordPress Astra Pro premium plugin to the latest available version at least 3.5.2...
Astra Pro Addon < 3.5.2 - Unauthenticated SQL Injection
The plugin did not properly sanitise or escape some of the POST parameters from the astrapaginationinfinite and astrashoppaginationinfinite AJAX action available to both unauthenticated and authenticated user before using them in SQL statement, leading to an SQL Injection issues PoC Via...
Astra Pro Addon < 3.5.2 - Unauthenticated SQL Injection
The plugin did not properly sanitise or escape some of the POST parameters from the astrapaginationinfinite and astrashoppaginationinfinite AJAX action available to both unauthenticated and authenticated user before using them in SQL statement, leading to an SQL Injection issues Via...