6 matches found
CVE-2023-0220
The Pinpoint Booking System WordPress plugin before 2.9.9.2.9 does not validate and escape one of its shortcode attributes before using it in a SQL statement, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks...
CVE-2023-0220
The Pinpoint Booking System WordPress plugin before 2.9.9.2.9 does not validate and escape one of its shortcode attributes before using it in a SQL statement, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks...
CVE-2023-0220 Pinpoint Booking System < 2.9.9.2.9 - Subscriber+ SQLi
The Pinpoint Booking System WordPress plugin before 2.9.9.2.9 does not validate and escape one of its shortcode attributes before using it in a SQL statement, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks...
CVE-2023-0220
CVE-2023-0220 affects the Pinpoint Booking System WordPress plugin prior to 2.9.9.2.9. The vulnerability arises from failing to validate/escape a shortcode attribute before using it in a SQL statement, enabling authenticated users with at least subscriber privileges to perform SQL Injection. Mult...
CVE-2023-0220 Pinpoint Booking System < 2.9.9.2.9 - Subscriber+ SQLi
The Pinpoint Booking System WordPress plugin before 2.9.9.2.9 does not validate and escape one of its shortcode attributes before using it in a SQL statement, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks...
WordPress Pinpoint Booking System Plugin < 2.9.9.2.9 is vulnerable to SQL Injection
Software Pinpoint Booking System Type Plugin Vulnerable versions 2.9.9.2.9 Fixed in 2.9.9.2.9 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0220 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 7276b0492738 Credits István Márton Required privilege...