3 matches found
WordPress WP Popup Banners Plugin <= 1.2.5 Multiple SQLi Vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:accesspressthemes:wppopupbanners"; if description...
WordPress WP Popup Banners Plugin <= 1.2.5 is vulnerable to SQL Injection
Software WP Popup Banners Type Plugin Vulnerable versions = 1.2.5 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-1471 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 0e757b087b40 Credits Etan Imanol Castro Aldrete Required privilege...
CVE-2023-1471
CVE-2023-1471 concerns the WordPress plugin WP Popup Banners up to version 1.2.5 . The vulnerability is an SQL Injection via the banner_id parameter caused by insufficient escaping and inadequate query preparation. An authenticated attacker with minimal privileges (e.g., a subscriber) can inject ...