Lucene search
K

6 matches found

NVD
NVD
added 2023/02/13 3:15 p.m.27 views

CVE-2023-0220

The Pinpoint Booking System WordPress plugin before 2.9.9.2.9 does not validate and escape one of its shortcode attributes before using it in a SQL statement, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks...

8.8CVSS8.9AI score0.00937EPSS
Exploits2References1
OSV
OSV
added 2023/02/13 3:15 p.m.3 views

CVE-2023-0220

The Pinpoint Booking System WordPress plugin before 2.9.9.2.9 does not validate and escape one of its shortcode attributes before using it in a SQL statement, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks...

8.8CVSS7.4AI score0.00937EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/02/13 2:32 p.m.6 views

CVE-2023-0220 Pinpoint Booking System < 2.9.9.2.9 - Subscriber+ SQLi

The Pinpoint Booking System WordPress plugin before 2.9.9.2.9 does not validate and escape one of its shortcode attributes before using it in a SQL statement, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks...

8.9AI score0.00937EPSS
Exploits2References1
CVE
CVE
added 2023/02/13 2:32 p.m.64 views

CVE-2023-0220

CVE-2023-0220 affects the Pinpoint Booking System WordPress plugin prior to 2.9.9.2.9. The vulnerability arises from failing to validate/escape a shortcode attribute before using it in a SQL statement, enabling authenticated users with at least subscriber privileges to perform SQL Injection. Mult...

8.8CVSS9AI score0.00937EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/02/13 2:32 p.m.34 views

CVE-2023-0220 Pinpoint Booking System < 2.9.9.2.9 - Subscriber+ SQLi

The Pinpoint Booking System WordPress plugin before 2.9.9.2.9 does not validate and escape one of its shortcode attributes before using it in a SQL statement, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks...

9.1AI score0.00937EPSS
Exploits2References1
Patchstack
Patchstack
added 2023/01/23 12:0 a.m.23 views

WordPress Pinpoint Booking System Plugin < 2.9.9.2.9 is vulnerable to SQL Injection

Software Pinpoint Booking System Type Plugin Vulnerable versions 2.9.9.2.9 Fixed in 2.9.9.2.9 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0220 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 7276b0492738 Credits István Márton Required privilege...

8.8CVSS6.8AI score0.00937EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder