CVE-2023-0895

The WP Coder – add custom html, css and js code plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in versions up to, and including, 2.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

CVE-2021-25053

The WP Coder WordPress plugin before 2.5.2 within the wow-company admin menu page allows to include arbitrary file with PHP extension as well as with data:// or http:// protocols, thus leading to CSRF RCE...

CVE-2024-13726

The Coder WordPress plugin through 1.3.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

WordPress WP Coder Plugin <= 3.6 - CSRF to Cross Site Scripting (XSS) vulnerability

CSRF to Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin WP Coder versions = 3.6...

CVE-2024-12402

CVE-2024-12402 impacts the Themes Coder – Create Android & iOS Apps For Your Woocommerce Site plugin for WordPress. The root cause is insecure direct object reference: the plugin does not properly validate a user’s identity before password updates in update_user_profile(), enabling unauthenticate...

WordPress Themes Coder plugin <= 1.3.4 - Insecure Direct Object Reference to Password Change/Account Takeover/Privilege Escalation vulnerability

Insecure Direct Object Reference to Password Change/Account Takeover/Privilege Escalation vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin Themes Coder versions = 1.3.4...

WordPress WP Coder Plugin < 2.5.4 is vulnerable to SQL Injection

Software WP Coder Type Plugin Vulnerable versions 2.5.4 Fixed in 2.5.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0895 Patch priority Low CVSS severity Low 5.5 Developer Claim ownership PSID af35ebdc8e18 Credits Etan Imanol Castro Aldrete Required privilege Administrator...

CVE-2023-0895

The WP Coder – add custom html, css and js code plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in versions up to, and including, 2.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

Sql injection

The WP Coder – add custom html, css and js code plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in versions up to, and including, 2.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

WordPress WP Coder plugin <= 2.5.1 - Remote File Inclusion (RFI) leading to Remote Code Execution (RCE) via CSRF vulnerability

Remote File Inclusion RFI leading to Remote Code Execution RCE via CSRF vulnerability discovered by Krzysztof Zając in WordPress WP Coder plugin versions = 2.5.1. Solution Update the WordPress WP Coder plugin to the latest available version at least 2.5.2...