20 matches found
CVE-2026-3334
The CMS Commander plugin for WordPress is vulnerable to SQL Injection via the 'orblogname', 'orblogdescription', and 'oradminemail' parameters in all versions up to, and including, 2.288. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on th...
WordPress CMS Commander plugin <= 2.288 - Authenticated (Custom+) SQL Injection via 'or_blogname' Parameter vulnerability
Authenticated Custom+ SQL Injection via 'orblogname' Parameter vulnerability discovered by WordFence in WordPress Plugin CMS Commander versions = 2.288...
CVE-2026-3334
The CMS Commander plugin for WordPress is vulnerable to SQL Injection via the 'orblogname', 'orblogdescription', and 'oradminemail' parameters in all versions up to, and including, 2.288. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on th...
CVE-2026-3334 CMS Commander <= 2.288 - Authenticated (Custom+) SQL Injection via 'or_blogname' Parameter
The CMS Commander plugin for WordPress is vulnerable to SQL Injection via the 'orblogname', 'orblogdescription', and 'oradminemail' parameters in all versions up to, and including, 2.288. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on th...
CVE-2026-3334
The CVE-2026-3334 entry concerns the WordPress CMS Commander plugin. Affected software: CMS Commander plugin for WordPress (up to version 2.288). Vulnerability: SQL Injection via the parameters or_blogname, or_blogdescription, and or_admin_email, caused by insufficient escaping of user input and ...
CVE-2026-3334 CMS Commander <= 2.288 - Authenticated (Custom+) SQL Injection via 'or_blogname' Parameter
The CMS Commander plugin for WordPress is vulnerable to SQL Injection via the 'orblogname', 'orblogdescription', and 'oradminemail' parameters in all versions up to, and including, 2.288. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on th...
WordPress plugin CMS Commander SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...
CVE-2023-3325
The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmscaddsite' function in versions up to, and including, 2.287. This makes it possible for unauthenticated attackers to the plugin to change the...
CVE-2023-3325
The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmscaddsite' function in versions up to, and including, 2.287. This makes it possible for unauthenticated attackers to the plugin to change the...
CVE-2023-3325
The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmscaddsite' function in versions up to, and including, 2.287. This makes it possible for unauthenticated attackers to the plugin to change the...
Authorization
The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmscaddsite' function in versions up to, and including, 2.287. This makes it possible for unauthenticated attackers to the plugin to change the...
CVE-2023-3325 CMS Commander <= 2.287 - Authorization Bypass through Use of Insufficiently Unique Cryptographic Signature
The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmscaddsite' function in versions up to, and including, 2.287. This makes it possible for unauthenticated attackers to the plugin to change the...
CVE-2023-3325
CVE-2023-3325 : The CMS Commander plugin for WordPress (versions ≤ 2.287) has an authorization bypass caused by a non-unique cryptographic signature on cmsc_add_site, enabling unauthenticated attackers to modify the _cmsc_public_key and gain access to the plugin’s remote-control capabilities (e.g...
CVE-2023-3325 CMS Commander <= 2.287 - Authorization Bypass through Use of Insufficiently Unique Cryptographic Signature
The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmscaddsite' function in versions up to, and including, 2.287. This makes it possible for unauthenticated attackers to the plugin to change the...
WordPress CMS Commander Plugin <= 2.287 is vulnerable to Broken Access Control
Software CMS Commander Type Plugin Vulnerable versions = 2.287 Fixed in 2.288 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-3325 Patch priority Low CVSS severity Low 8.1 Developer Claim ownership PSID 74937eb26e46 Credits Lana Codes Required privilege...
PT-2023-24244 · WordPress · Cms Commander
Name of the Vulnerable Software and Affected Versions: CMS Commander plugin for WordPress versions up to, and including, 2.287 Description: The issue is related to an authorization bypass vulnerability due to the use of an insufficiently unique cryptographic signature on the cmsc add site functio...
WordPress Plugin CMS Commander 安全特征问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security signature issue...
CMS Commander < 2.288 - Unauthenticated Authorisation Bypass
The plugin does not use a sufficient unique cryptographic signature in its cmscaddsite feature, which could allow unauthenticated users to update the cmscpublickey settings when the plugin has not been configured yet, and get access to the plugin's remote control features such as creating an...
WordPress CMS Commander Client Plugin unauthenticated PHP Object injection vulnerability
Exploit for php platform in category web applications Abstract A PHP Object injection vulnerability was found in the CMS Commander Client WordPress Plugin, which can be used by an unauthenticated user to instantiate arbitrary PHP Objects. Using this vulnerability it is possible to execute arbitra...
CMS Commander Client <= 2.21 - Unauthenticated PHP Object Injection
The CMS Commander – Manage Multiple Sites WordPress plugin was affected by an Unauthenticated PHP Object Injection security vulnerability...