Lucene search
K

4 matches found

CVE
CVE
added 2023/11/06 8:40 p.m.55 views

CVE-2023-5082

The CVE-2023-5082 entry concerns History Log by click5 (WordPress plugin) prior to 1.0.13. The issue is a SQL injection caused by insufficient sanitization/escaping when a parameter is used in an SQL statement, with exploitation described as admin-user-initiated via the Smash Balloon Social Photo...

7.2CVSS7.4AI score0.00676EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/06 8:40 p.m.8 views

CVE-2023-5082 History Log by click5 < 1.0.13 - Admin+ Time-Based Blind SQL Injection

The History Log by click5 WordPress plugin before 1.0.13 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when using the Smash Balloon Social Photo Feed plugin alongside it...

7.3AI score0.00676EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/11/06 8:40 p.m.27 views

CVE-2023-5082 History Log by click5 < 1.0.13 - Admin+ Time-Based Blind SQL Injection

The History Log by click5 WordPress plugin before 1.0.13 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when using the Smash Balloon Social Photo Feed plugin alongside it...

7.5AI score0.00676EPSS
Exploits2References1
Patchstack
Patchstack
added 2023/10/18 12:0 a.m.24 views

WordPress History Log by click5 Plugin < 1.0.13 is vulnerable to SQL Injection

Software History Log by click5 Type Plugin Vulnerable versions 1.0.13 Fixed in 1.0.13 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5082 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 0a946699ae5c Credits Karolis Narvilas Required privilege...

7.2CVSS6.8AI score0.00676EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder