Lucene search
+L

4 matches found

Circl
Circl
added 2025/01/22 3:1 a.m.8 views

CVE-2024-13426

creationtimestamp| type| source ---|---|--- 2025-01-22 03:01:39+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/2513 2025-01-22 03:16:15+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgcfpce4tn2n 2025-01-22 03:55:13+00:00| seen|...

5.4CVSS7.3AI score0.00461EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/01/22 2:20 a.m.24 views

CVE-2024-13426 WP-Polls <= 2.77.2 - Unauthenticated SQL Injection to Stored Cross-Site Scripting

The WP-Polls plugin for WordPress is vulnerable to SQL Injection via COOKIE in all versions up to, and including, 2.77.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers t...

5.4CVSS0.00461EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2025/01/22 2:20 a.m.14 views

CVE-2024-13426 WP-Polls <= 2.77.2 - Unauthenticated SQL Injection to Stored Cross-Site Scripting

The WP-Polls plugin for WordPress is vulnerable to SQL Injection via COOKIE in all versions up to, and including, 2.77.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers t...

5.4CVSS7.4AI score0.00461EPSS
Exploits0References9
CVE
CVE
added 2025/01/22 2:20 a.m.68 views

CVE-2024-13426

CVE-2024-13426 concerns the WordPress WP-Polls plugin up to version 2.77.2. The issue is an unauthenticated SQL Injection via COOKIE caused by insufficient escaping and inadequate query preparation, allowing an attacker to append additional SQL; the description notes a payload could also inject m...

5.4CVSS5.9AI score0.00461EPSS
Exploits0References9Affected Software1
Rows per page
Query Builder