7 matches found
Steveas WP Live Chat Shoutbox <= 1.4.2 - SQL Injection
The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. id: CVE-2023-1020 info: name: Steveas WP Live Chat Shoutbox = 1.4.2 - SQL...
CVE-2023-1020
creationtimestamp| type| source ---|---|--- 2023-04-24 22:19:40+00:00| seen| https://t.me/cibsecurity/62747 2023-07-26 14:24:11+00:00| published-proof-of-concept| https://t.me/codeb0ss/958 2025-02-22 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2025-02-22...
CVE-2023-1020
The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
CVE-2023-1020 Steveas WP Live Chat Shoutbox <= 1.4.2 - Unauthenticated SQLi
The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
CVE-2023-1020
The CVE-2023-1020 entry concerns the WordPress plugin Steveas WP Live Chat Shoutbox, affected in versions up to 1.4.2. The root cause is a SQL injection vulnerability caused by unsanitized/uncleaned parameters in an AJAX action accessible to unauthenticated users, enabling arbitrary SQL execution...
CVE-2023-1020 Steveas WP Live Chat Shoutbox <= 1.4.2 - Unauthenticated SQLi
The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
WordPress Steveas WP Live Chat Shoutbox Plugin <= 1.4.2 is vulnerable to SQL Injection
Software Steveas WP Live Chat Shoutbox Type Plugin Vulnerable versions = 1.4.2 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-1020 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 176c8169feb6 Credits Simone Onofri Donato Onofri Required...