2 matches found
CVE-2023-5436
CVE-2023-5436 affects the WordPress Vertical marquee plugin up to version 7.1. The issue is an SQL Injection via the plugin shortcode caused by insufficient escaping and lack of proper query preparation, enabling authenticated attackers with subscriber-level or higher privileges to append additio...
WordPress Vertical Marquee Plugin Plugin <= 7.1 is vulnerable to SQL Injection
Software Vertical Marquee Plugin Type Plugin Vulnerable versions = 7.1 Fixed in 7.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5436 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 0d3867ba4432 Credits István Márton Required privilege Contributor...