3 matches found
CVE-2024-1118 Podlove Subscribe button <= 1.3.10 - Authenticated (Contributor+) SQL Injection
The Podlove Subscribe button plugin for WordPress is vulnerable to UNION-based SQL Injection via the 'button' attribute of the podlove-subscribe-button shortcode in all versions up to, and including, 1.3.10 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2024-1118 Podlove Subscribe button <= 1.3.10 - Authenticated (Contributor+) SQL Injection
The Podlove Subscribe button plugin for WordPress is vulnerable to UNION-based SQL Injection via the 'button' attribute of the podlove-subscribe-button shortcode in all versions up to, and including, 1.3.10 due to insufficient escaping on the user supplied parameter and lack of sufficient...
WordPress Podlove Subscribe button Plugin <= 1.3.10 is vulnerable to SQL Injection
Software Podlove Subscribe button Type Plugin Vulnerable versions = 1.3.10 Fixed in 1.3.11 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-1118 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID fcca748172f2 Credits Lucio Sá Required privilege Contributor...