2 matches found
CVE-2024-12428
CVE-2024-12428 concerns the WP Data Access – App, Table, Form and Chart Builder WordPress plugin. The vulnerability is an unauthenticated SQL Injection via the parameter order[user_login][dir], exploitable in all versions up to and including 5.5.22, caused by insufficient escaping of the user-sup...
CVE-2024-12428 WP Data Access – App, Table, Form and Chart Builder plugin <= 5.5.22 - Unauthenticated SQL Injection
The WP Data Access – App, Table, Form and Chart Builder plugin plugin for WordPress is vulnerable to SQL Injection via the 'orderuserlogindir' parameter in all versions up to, and including, 5.5.22 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...