2 matches found
CVE-2023-5430
CVE-2023-5430 : The WordPress plugin “Jquery news ticker” is vulnerable to SQL Injection via the shortcode in versions up to and including 3.0. The issue stems from insufficient escaping of user-supplied input and lack of proper preparation in the SQL query, enabling authenticated attackers with ...
CVE-2023-5430 Jquery news ticker <= 3.0 - Authenticated (Subscriber+) SQL Injection via Shortcode
The Jquery news ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...