4 matches found
CVE-2024-13426
creationtimestamp| type| source ---|---|--- 2025-01-22 03:01:39+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/2513 2025-01-22 03:16:15+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgcfpce4tn2n 2025-01-22 03:55:13+00:00| seen|...
CVE-2024-13426 WP-Polls <= 2.77.2 - Unauthenticated SQL Injection to Stored Cross-Site Scripting
The WP-Polls plugin for WordPress is vulnerable to SQL Injection via COOKIE in all versions up to, and including, 2.77.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers t...
CVE-2024-13426 WP-Polls <= 2.77.2 - Unauthenticated SQL Injection to Stored Cross-Site Scripting
The WP-Polls plugin for WordPress is vulnerable to SQL Injection via COOKIE in all versions up to, and including, 2.77.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers t...
CVE-2024-13426
CVE-2024-13426 concerns the WordPress WP-Polls plugin up to version 2.77.2. The issue is an unauthenticated SQL Injection via COOKIE caused by insufficient escaping and inadequate query preparation, allowing an attacker to append additional SQL; the description notes a payload could also inject m...