3 matches found
CVE-2023-1730
The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks...
CVE-2023-1730 SupportCandy < 3.1.5 - Unauthenticated SQLi
The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks...
WordPress SupportCandy Plugin < 3.1.5 is vulnerable to SQL Injection
Software SupportCandy Type Plugin Vulnerable versions 3.1.5 Fixed in 3.1.5 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-1730 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 07f317999cc8 Credits dc11 Required privilege Unauthenticated Published 13...