3 matches found
CVE-2023-2188 Colibri Page Builder <= 1.0.227 - Authenticated (Administrator+) SQL Injection via post_id
The Colibri Page Builder for WordPress is vulnerable to SQL Injection via the ‘postid’ parameter in versions up to, and including, 1.0.227 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2023-2188
The CVE-2023-2188 entry concerns the WordPress Colibri Page Builder plugin. Affected software: Colibri Page Builder for WordPress, versions up to and including 1.0.227. Root cause: insufficient escaping of the post_id parameter and inadequate preparation of the existing SQL query, enabling SQL In...
WordPress Colibri Page Builder Plugin <= 1.0.227 is vulnerable to SQL Injection
Software Colibri Page Builder Type Plugin Vulnerable versions = 1.0.227 Fixed in 1.0.229 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-2188 Patch priority Low CVSS severity Low 7.2 Developer Claim ownership PSID c1922d4070dd Credits Marco Wotschka Required privilege...