90 matches found
WordPress Plugin Secure Copy Content Protection and Content Locking 2.8.1 - SQL-Injection (Unauthenticated)
Exploit Title: WordPress Plugin Secure Copy Content Protection and Content Locking 2.8.1 - SQL-Injection Unauthenticated Date 08.02.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://ays-pro.com/ Software Link:...
WordPress Secure Copy Content Protection and Content Locking plugin SQL injection vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. The WordPress Secure Copy Content Protection and Content Locking plugin has a SQL injection vulnerabili...
WordPress SQL注入漏洞
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. The WordPress Secure Copy Content Protection and Content Locking plugin has a SQL injection vulnerabili...
Secure Copy Content Protection and Content Locking < 2.8.2 - Unauthenticated SQL Injection
The plugin does not escape the sccpid parameter of the ayssccpresultsexportfile AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an SQL injection...
WordPress Secure Copy Content Protection and Content Locking plugin <= 2.8.1 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection SQLi vulnerability discovered by Krzysztof Zając in WordPress Secure Copy Content Protection and Content Locking plugin versions = 2.8.1. Solution Update the WordPress Secure Copy Content Protection and Content Locking plugin to the latest available version at least...
Secure Copy Content Protection and Content Locking < 2.8.2 - Unauthenticated SQL Injection
The plugin does not escape the sccpid parameter of the ayssccpresultsexportfile AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an SQL injection. PoC...
CVE-2021-24484
The getreports function in the Secure Copy Content Protection and Content Locking WordPress plugin before 2.6.7 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard...
Sql injection
The getreports function in the Secure Copy Content Protection and Content Locking WordPress plugin before 2.6.7 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard...
CVE-2021-24484
The CVE-2021-24484 entry concerns the WordPress plugin Secure Copy Content Protection and Content Locking (versions before 2.6.7). The vulnerability arises in the plugin’s get_reports() function, which did not whitelist/validate the orderby parameter before it is used in SQL statements passed to ...
WordPress Secure Copy Content Protection and Content Locking plugin <= 2.6.6 - Authenticated Blind SQL Injection (SQLi) vulnerability
Authenticated Blind SQL Injection SQLi vulnerability discovered by To Quang Duong in WordPress Secure Copy Content Protection and Content Locking plugin versions = 2.6.6. Solution Update the WordPress Secure Copy Content Protection and Content Locking plugin to the latest available version at lea...