5 matches found
CVE-2023-4939
The SALESmanago plugin for WordPress is vulnerable to Log Injection in versions up to, and including, 3.2.4. This is due to the use of a weak authentication token for the /wp-json/salesmanago/v1/callbackApiV3 API endpoint which is simply a SHA1 hash of the site URL and client ID found in the page...
CVE-2023-4939
The SALESmanago plugin for WordPress is vulnerable to Log Injection in versions up to, and including, 3.2.4. This is due to the use of a weak authentication token for the /wp-json/salesmanago/v1/callbackApiV3 API endpoint which is simply a SHA1 hash of the site URL and client ID found in the page...
CVE-2023-4939
The SALESmanago WordPress plugin (
CVE-2023-4939 SALESmanago <= 3.2.4 - Log Injection via Weak Authentication Token
The SALESmanago plugin for WordPress is vulnerable to Log Injection in versions up to, and including, 3.2.4. This is due to the use of a weak authentication token for the /wp-json/salesmanago/v1/callbackApiV3 API endpoint which is simply a SHA1 hash of the site URL and client ID found in the page...
WordPress SALESmanago Plugin <= 3.2.4 is vulnerable to Other Vulnerability Type
Software SALESmanago Type Plugin Vulnerable versions = 3.2.4 Fixed in 3.2.5 OWASP Top 10 A3: Injection Classification Other Vulnerability Type CVE CVE-2023-4939 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 32669bebc244 Credits Francesco Carlucci Required privilege...