3 matches found
CVE-2024-1793
CVE-2024-1793 : The AWeber – Free Sign Up Form and Landing Page Builder Plugin for WordPress is vulnerable to SQL Injection via the post_id parameter in all versions up to and including 7.3.14 due to insufficient escaping of user input and insufficient preparation of the SQL query. An authenticat...
CVE-2024-1793 AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth By AWeber <= 7.3.14 - Authenticated (Admin+) SQL Injection
The AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth plugin for WordPress is vulnerable to SQL Injection via the 'postid' parameter in all versions up to, and including, 7.3.14 due to insufficient escaping on the user supplied parameter an...
WordPress AWeber Plugin <= 7.3.14 is vulnerable to SQL Injection
Software AWeber Type Plugin Vulnerable versions = 7.3.14 Fixed in 7.3.15 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-1793 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 513a38e6fbe9 Credits Kunal Sharma Required privilege Administrator Published 1...