13 matches found
WordPress Best Books <=2.6.3 - SQL Injection
WordPress Best Books plugin through 2.6.3 is susceptible to SQL injection. The plugin does not sanitize and escape some parameters before using them in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrativ...
CVE-2022-0827
The Bestbooks WordPress plugin through 2.6.3 does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users...
VulnCheck KEV: CVE-2022-0827
The Bestbooks WordPress plugin through 2.6.3 does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users...
WordPress Bestbooks plugin SQL injection vulnerability
WordPress and others are products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. stb and others are products of the WordPress Foundation. stb is a single-file public domain library for C/C++. WordPress plugin is an application plugin. WordPress Bestbooks plugin 2.6....
CVE-2022-0827
The Bestbooks WordPress plugin through 2.6.3 does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users...
CVE-2022-0827
The Bestbooks WordPress plugin through 2.6.3 does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users...
SQL injection
The Bestbooks WordPress plugin through 2.6.3 does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users...
CVE-2022-0827 Bestbooks <= 2.6.3 - Unauthenticated SQLi
The Bestbooks WordPress plugin through 2.6.3 does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users...
CVE-2022-0827
WordPress Best Books plugin (versions up to 2.6.3) contains an SQL injection due to insufficient sanitization/escaping of parameters in an Ajax action. The vulnerability affects the plugin's handling of user-supplied data in SQL statements, enabling unauthenticated attackers to potentially read o...
WordPress plugin Bestbooks SQL injection vulnerability
WordPress and others are products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. stb and others are products of the WordPress Foundation. stb is a single-file public domain library for C/C++. WordPress plugin is an application plugin. WordPress Bestbooks plugin 2.6....
WordPress Bestbooks plugin <= 2.6.3 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by cydave in WordPress Bestbooks plugin versions <= 2.6.3. Solution: Deactivate and delete. This plugin has been closed as of May 11, 2022 and is not available for download. This closure is temporary, pending a full review...
Bestbooks <= 2.6.3 - Unauthenticated SQLi
The plugin does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users. PoC: Affected parameters: credit and debit. curl https://example.com/wp-admin/admin-ajax.php \ --data...
Bestbooks <= 2.6.3 - Unauthenticated SQLi
The plugin does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users. Affected parameters: credit and debit. curl https://example.com/wp-admin/admin-ajax.php \ --data...