4 matches found
CVE-2024-1893
The Easy Property Listings plugin for WordPress is vulnerable to time-based SQL Injection via the ‘propertystatus’ shortcode attribute in all versions up to, and including, 3.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2024-1893
CVE-2024-1893 affects the Easy Property Listings WordPress plugin. Time-based SQL Injection is possible in all versions up to 3.5.2 due to insufficient escaping of the property_status shortcode parameter and inadequate query preparation. Authenticated attackers with Contributor+ privileges can in...
CVE-2024-1893 Easy Property Listings <= 3.5.2 - Authenticated(Contributor+) SQL Injection via Shortcode
The Easy Property Listings plugin for WordPress is vulnerable to time-based SQL Injection via the ‘propertystatus’ shortcode attribute in all versions up to, and including, 3.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
WordPress Easy Property Listings Plugin <= 3.5.2 is vulnerable to SQL Injection
Software Easy Property Listings Type Plugin Vulnerable versions = 3.5.2 Fixed in 3.5.3 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-1893 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 741d2179a015 Credits Krzysztof Zając Required privilege...