12 matches found
EUVD-2021-11303
Malware in sbrugna...
CVE-2021-24391
An editid GET parameter of the Cashtomer WordPress plugin through 1.0.0 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection...
WordPress SQL Injection Vulnerability (CNVD-2021-70739)
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. A SQL injection vulnerability exists in versions of the WordPress Cashtomer component prior t...
CVE-2021-24391
An editid GET parameter of the Cashtomer WordPress plugin through 1.0.0 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection...
CVE-2021-24391
An editid GET parameter of the Cashtomer WordPress plugin through 1.0.0 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection...
SQL injection
An editid GET parameter of the Cashtomer WordPress plugin through 1.0.0 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection...
CVE-2021-24391 Cashtomer <= 1.0.0 - Authenticated SQL Injection
An editid GET parameter of the Cashtomer WordPress plugin through 1.0.0 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection...
CVE-2021-24391
CVE-2021-24391 – Cashtomer WordPress plugin
WordPress Plugin SQL Injection Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. A SQL injection vulnerability exists in versions of the WordPress Cashtomer component prior t...
Cashtomer <= 1.0.0 - Authenticated SQL Injection
An editid GET parameter of the plugin is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. PoC: GET /wp-admin/admin.php?page=add-social-point&id=facebookshare&editid=-9677%20UNION%20ALL%20SELECT%20NULL,NULL,user,NULL,NULL-- HTTP/1.1 Cache-Control:...
WordPress Cashtomer plugin <= 1.0.0 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Syed Sheeraz Ali (Codevigilant) in WordPress Cashtomer plugin versions <= 1.0.0. Solution: Deactivate and delete. This plugin has been closed as of May 13, 2021 and is not available for download. Reason: Security Issue...
Cashtomer <= 1.0.0 - Authenticated SQL Injection
An editid GET parameter of the plugin is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. GET /wp-admin/admin.php?page=add-social-point&id=facebookshare&editid=-9677%20UNION%20ALL%20SELECT%20NULL,NULL,user,NULL,NULL-- HTTP/1.1...