2 matches found
CVE-2023-5000 Horizontal scrolling announcements <= 2.4 - Authenticated (Contributor+) SQL Injection via Shortcode
The Horizontal scrolling announcements plugin for WordPress is vulnerable to SQL Injection via the plugin's 'hsas-shortcode' shortcode in versions up to, and including, 2.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Th...
WordPress Horizontal scrolling announcements Plugin <= 2.4 is vulnerable to SQL Injection
Software Horizontal scrolling announcements Type Plugin Vulnerable versions = 2.4 Fixed in 2.5 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5000 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID a1ff35c414c3 Credits István Márton Required privilege...