14 matches found
CVE-2024-13801
The BWL Advanced FAQ Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'baf_set_notice_status' AJAX action in all versions up to, and including, 2.1.4. This makes it possible for authenticated...
CVE-2024-13801 BWL Advanced FAQ Manager <= 2.1.4 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update
The BWL Advanced FAQ Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'baf_set_notice_status' AJAX action in all versions up to, and including, 2.1.4. This makes it possible for authenticated...
CVE-2024-13801
CVE-2024-13801 affects BWL Advanced FAQ Manager for WordPress. The vulnerability arises from a missing capability check on the baf_set_notice_status AJAX action, allowing authenticated users with Subscriber level or higher to modify options to value '1'. This can cause a denial of service by trig...
WordPress BWL Advanced FAQ Manager plugin <= 2.1.4 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update vulnerability
Missing Authorization to Authenticated Subscriber+ Limited Arbitrary Options Update vulnerability discovered by Lucio Sá in WordPress Plugin BWL Advanced FAQ Manager versions <= 2.1.4...
CVE-2024-32136
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Xenioushk BWL Advanced FAQ Manager. This issue affects BWL Advanced FAQ Manager: from n/a through 2.0.3...
BWL Advanced FAQ Manager 2.0.3 SQL Injection Vulnerability
Exploit Title: BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL Injection Exploit Author: Ivan Spiridonov xbz0n Software Link: https://codecanyon.net/item/bwl-advanced-faq-manager/5007135 Version: 2.0.3 Tested on: Ubuntu 20.04 CVE: CVE-2024-32136 SQL Injection SQL injection is a type of securit...
BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL Injection
Exploit Title: BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL Injection Date: 14 Apr 2024 Exploit Author: Ivan Spiridonov xbz0n Software Link: https://codecanyon.net/item/bwl-advanced-faq-manager/5007135 Version: 2.0.3 Tested on: Ubuntu 20.04 CVE: CVE-2024-32136 SQL Injection SQL injection is...
BWL Advanced FAQ Manager 2.0.3 SQL Injection
Exploit Title: BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL Injection Date: 14 Apr 2024 Exploit Author: Ivan Spiridonov xbz0n Software Link: https://codecanyon.net/item/bwl-advanced-faq-manager/5007135 Version: 2.0.3 Tested on: Ubuntu 20.04 CVE: CVE-2024-32136 SQL Injection SQL injection is...
CVE-2024-32136
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Xenioushk BWL Advanced FAQ Manager. This issue affects BWL Advanced FAQ Manager: from n/a through 2.0.3...
CVE-2024-32136 WordPress BWL Advanced FAQ Manager plugin <= 2.0.3 - Auth. SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Xenioushk BWL Advanced FAQ Manager. This issue affects BWL Advanced FAQ Manager: from n/a through 2.0.3...
CVE-2024-32136 WordPress BWL Advanced FAQ Manager plugin <= 2.0.3 - Auth. SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Xenioushk BWL Advanced FAQ Manager. This issue affects BWL Advanced FAQ Manager: from n/a through 2.0.3...
CVE-2024-32136
CVE-2024-32136 is an SQL Injection vulnerability in the BWL Advanced FAQ Manager plugin for WordPress (affected up to version 2.0.3). The issue allows a remote attacker to influence database queries via the plugin, with an exploitable path requiring network access and authenticated (administrator...
WordPress BWL Advanced FAQ Manager plugin <= 2.0.3 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Ivan Spiridonov Patchstack Alliance in WordPress Plugin BWL Advanced FAQ Manager versions <= 2.0.3...
WordPress BWL Advanced FAQ Manager Plugin <= 2.0.3 is vulnerable to SQL Injection
Software: BWL Advanced FAQ Manager; Type: Plugin; Vulnerable versions: <= 2.0.3; Fixed in: 2.0.4; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-32136; Patch priority: Low; CVSS severity: Low 7.6; PSID: 3156ca152b4d; Credits: Ivan Spiridonov; Required privilege...