Lucene search
+L

6 matches found

Patchstack
Patchstack
added 2024/03/19 12:0 a.m.13 views

WordPress Fancy Product Designer Plugin < 6.1.5 is vulnerable to SQL Injection

Software Fancy Product Designer Type Plugin Vulnerable versions 6.1.5 Fixed in 6.1.5 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-0365 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 8a2fcc7e3e05 Credits Ivan Spiridonov Required privilege...

6.5CVSS6.8AI score0.00641EPSS
Exploits2References3Affected Software1
OSV
OSV
added 2024/03/18 7:15 p.m.4 views

CVE-2024-0365

The Fancy Product Designer WordPress plugin before 6.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by adminstrators...

6.5CVSS5.8AI score0.00641EPSS
Exploits2References1
NVD
NVD
added 2024/03/18 7:15 p.m.21 views

CVE-2024-0365

The Fancy Product Designer WordPress plugin before 6.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by adminstrators...

6.5CVSS7.1AI score0.00641EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/03/18 7:5 p.m.26 views

CVE-2024-0365 Fancy Product Designer < 6.1.5 - Admin+ SQL Injection

The Fancy Product Designer WordPress plugin before 6.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by adminstrators...

7.3AI score0.00641EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/03/18 7:5 p.m.16 views

CVE-2024-0365 Fancy Product Designer < 6.1.5 - Admin+ SQL Injection

The Fancy Product Designer WordPress plugin before 6.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by adminstrators...

7.1AI score0.00641EPSS
Exploits2References1
CVE
CVE
added 2024/03/18 7:5 p.m.91 views

CVE-2024-0365

CVE-2024-0365 affects the WordPress plugin Fancy Product Designer prior to version 6.1.5. The issue arises from improper sanitisation/escaping of a parameter before it is used in a SQL statement, leading to a SQL injection that is exploitable by administrators. Affected versions:

6.5CVSS6.7AI score0.00641EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder