Lucene search
K

5 matches found

Patchstack
Patchstack
added 2023/02/28 12:0 a.m.10 views

WordPress GigPress Plugin <= 2.3.28 is vulnerable to SQL Injection

Software GigPress Type Plugin Vulnerable versions = 2.3.28 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0381 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 621aa3005525 Credits Erwan LR WPScan Required privilege Subscriber Published ...

8.8CVSS7.2AI score0.01301EPSS
Exploits2References2Affected Software1
NVD
NVD
added 2023/02/27 4:15 p.m.59 views

CVE-2023-0381

The GigPress WordPress plugin through 2.3.28 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks...

8.8CVSS8.9AI score0.01301EPSS
Exploits2References1
CVE
CVE
added 2023/02/27 3:24 p.m.70 views

CVE-2023-0381

The CVE-2023-0381 issue affects the GigPress WordPress plugin

8.8CVSS9AI score0.01301EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/27 3:24 p.m.8 views

CVE-2023-0381 GigPress <= 2.3.28 - Subscriber+ SQLi

The GigPress WordPress plugin through 2.3.28 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks...

7.6AI score0.01301EPSS
Exploits2References1
Wordfence Blog
Wordfence Blog
added 2023/02/16 3:21 p.m.165 views

Wordfence Intelligence CE Weekly Vulnerability Report (Feb 6, 2023 to Feb 12, 2023)

In case you missed it, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence Community Edition. This database is continuously updated, maintained, and populated by Wordfences highly...

0.24263EPSS
Exploits17
Rows per page
Query Builder