5 matches found
WordPress GigPress Plugin <= 2.3.28 is vulnerable to SQL Injection
Software GigPress Type Plugin Vulnerable versions = 2.3.28 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0381 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 621aa3005525 Credits Erwan LR WPScan Required privilege Subscriber Published ...
CVE-2023-0381
The GigPress WordPress plugin through 2.3.28 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks...
CVE-2023-0381
The CVE-2023-0381 issue affects the GigPress WordPress plugin
CVE-2023-0381 GigPress <= 2.3.28 - Subscriber+ SQLi
The GigPress WordPress plugin through 2.3.28 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks...
Wordfence Intelligence CE Weekly Vulnerability Report (Feb 6, 2023 to Feb 12, 2023)
In case you missed it, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence Community Edition. This database is continuously updated, maintained, and populated by Wordfences highly...