5 matches found
CVE-2023-5041
The Track The Click WordPress plugin before 0.3.12 does not properly sanitize query parameters to the stats REST endpoint before using them in a database query, allowing a logged in user with an author role or higher to perform time based blind SQLi attacks on the database...
CVE-2023-5041
The CVE-2023-5041 entry concerns the Track The Click WordPress plugin (versions before 0.3.12). Root cause: improper sanitization of query parameters to the stats REST endpoint, enabling a time-based blind SQL injection in database queries when accessed by an authenticated user with author role o...
CVE-2023-5041 Track The Click < 0.3.12 - Author+ Time-Based Blind SQL Injection
The Track The Click WordPress plugin before 0.3.12 does not properly sanitize query parameters to the stats REST endpoint before using them in a database query, allowing a logged in user with an author role or higher to perform time based blind SQLi attacks on the database...
CVE-2023-5041 Track The Click < 0.3.12 - Author+ Time-Based Blind SQL Injection
The Track The Click WordPress plugin before 0.3.12 does not properly sanitize query parameters to the stats REST endpoint before using them in a database query, allowing a logged in user with an author role or higher to perform time based blind SQLi attacks on the database...
WordPress Track The Click Plugin < 0.3.12 is vulnerable to SQL Injection
Software Track The Click Type Plugin Vulnerable versions 0.3.12 Fixed in 0.3.12 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5041 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 1853e39ba601 Credits Karolis Narvilas Required privilege Author Publish...