6 matches found
CVE-2024-11722
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.25.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
CVE-2024-11722
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.25.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
CVE-2024-11722
creationtimestamp| type| source ---|---|--- 2024-12-21 09:27:25+00:00| seen| https://infosec.exchange/users/cve/statuses/113690099366421366 2024-12-21 10:15:20+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3ldso77bld625 2024-12-21 11:59:19+00:00| seen|...
CVE-2024-11722 Frontend Admin by DynamiApps <= 3.25.1 - Unauthenticated SQL Injection
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.25.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
CVE-2024-11722 Frontend Admin by DynamiApps <= 3.25.1 - Unauthenticated SQL Injection
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.25.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
CVE-2024-11722
CVE-2024-11722 (Frontend Admin by DynamiApps, WordPress) is an SQL Injection affecting all versions up to 3.25.1, caused by insufficient escaping of the user-supplied orderby parameter and inadequate query preparation. Exploitation requires unauthenticated access with permission to view form subm...