Lucene search
+L

6 matches found

redhatcve
redhatcve
added 2025/05/23 6:56 a.m.8 views

CVE-2024-11722

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.25.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

5.9CVSS7.5AI score0.00604EPSS
Exploits0References1
nvd
nvd
added 2024/12/21 10:15 a.m.21 views

CVE-2024-11722

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.25.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

5.9CVSS0.00604EPSS
Exploits0References3
circl
circl
added 2024/12/21 9:27 a.m.19 views

CVE-2024-11722

creationtimestamp| type| source ---|---|--- 2024-12-21 09:27:25+00:00| seen| https://infosec.exchange/users/cve/statuses/113690099366421366 2024-12-21 10:15:20+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3ldso77bld625 2024-12-21 11:59:19+00:00| seen|...

5.9CVSS8.7AI score0.00604EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2024/12/21 9:23 a.m.15 views

CVE-2024-11722 Frontend Admin by DynamiApps <= 3.25.1 - Unauthenticated SQL Injection

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.25.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

5.9CVSS6AI score0.00604EPSS
Exploits0References3
cvelist
cvelist
added 2024/12/21 9:23 a.m.24 views

CVE-2024-11722 Frontend Admin by DynamiApps <= 3.25.1 - Unauthenticated SQL Injection

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.25.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

5.9CVSS0.00604EPSS
Exploits0References3
cve
cve
added 2024/12/21 9:23 a.m.68 views

CVE-2024-11722

CVE-2024-11722 (Frontend Admin by DynamiApps, WordPress) is an SQL Injection affecting all versions up to 3.25.1, caused by insufficient escaping of the user-supplied orderby parameter and inadequate query preparation. Exploitation requires unauthenticated access with permission to view form subm...

5.9CVSS6AI score0.00604EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder