5 matches found
CVE-2023-2719
The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the id parameter for an Agent in the REST API before using it in an SQL statement, leading to an SQL Injection exploitable by users with a role as low as Subscriber...
CVE-2023-2719
The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the id parameter for an Agent in the REST API before using it in an SQL statement, leading to an SQL Injection exploitable by users with a role as low as Subscriber...
CVE-2023-2719 SupportCandy < 3.1.7 - Subscriber+ SQLi
The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the id parameter for an Agent in the REST API before using it in an SQL statement, leading to an SQL Injection exploitable by users with a role as low as Subscriber...
CVE-2023-2719
CVE-2023-2719 concerns the WordPress plugin SupportCandy prior to version 3.1.7. The issue is an SQL Injection caused by insufficient sanitization/escaping of the REST API Agent endpoint’s id parameter before it is used in an SQL statement. This can be exploited by users with as little as a Subsc...
WordPress SupportCandy Plugin < 3.1.7 is vulnerable to SQL Injection
Software SupportCandy Type Plugin Vulnerable versions 3.1.7 Fixed in 3.1.7 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-2719 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID c15c7e980643 Credits dc11 Required privilege Subscriber Published 19 June,...