CVE-2024-12023 FULL – Cliente 3.1.5 - 3.1.25 - Authenticated (Subscriber+) SQL Injection

The FULL – Cliente plugin for WordPress is vulnerable to SQL Injection via the 'formId' parameter in all versions 3.1.5 to 3.1.25 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...

CVE-2024-12023 FULL – Cliente 3.1.5 - 3.1.25 - Authenticated (Subscriber+) SQL Injection

The FULL – Cliente plugin for WordPress is vulnerable to SQL Injection via the 'formId' parameter in all versions 3.1.5 to 3.1.25 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...

CVE-2024-12023

CVE-2024-12023 involves the WordPress plugin FULL – Cliente (versions 3.1.5–3.1.25). The vulnerability is an authenticated SQL Injection via the formId parameter caused by insufficient escaping and lack of prepared statements in the underlying query. It is exploitable by attackers with Subscriber...

CVE-2025-26757 WordPress FULL – Cliente plugin <= 3.1.26 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in FULL SERVICES FULL Customer full-customer allows PHP Local File Inclusion.This issue affects FULL Customer: from n/a through = 3.1.26...

CVE-2024-9211 FULL – Cliente <= 3.1.22 - Reflected Cross-Site Scripting

The FULL – Cliente plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 3.1.22. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVE-2024-9211 FULL – Cliente <= 3.1.22 - Reflected Cross-Site Scripting

The FULL – Cliente plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 3.1.22. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVE-2024-6447 FULL <= 3.1.12 - Unauthenticated Stored Cross-Site Scripting via License Plan Parameter

The FULL – Cliente plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the license plan parameter in all versions up to, and including, 3.1.12 due to insufficient input sanitization and output escaping as well as missing authorization and capability checks on the related...