Lucene search
+L

4 matches found

nvd
nvd
added 2024/04/09 7:15 p.m.17 views

CVE-2024-1893

The Easy Property Listings plugin for WordPress is vulnerable to time-based SQL Injection via the ‘propertystatus’ shortcode attribute in all versions up to, and including, 3.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

8.8CVSS8.7AI score0.00773EPSS
Exploits0References3
cve
cve
added 2024/04/09 6:59 p.m.63 views

CVE-2024-1893

CVE-2024-1893 affects the Easy Property Listings WordPress plugin. Time-based SQL Injection is possible in all versions up to 3.5.2 due to insufficient escaping of the property_status shortcode parameter and inadequate query preparation. Authenticated attackers with Contributor+ privileges can in...

8.8CVSS9.3AI score0.00773EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2024/04/09 6:59 p.m.22 views

CVE-2024-1893 Easy Property Listings <= 3.5.2 - Authenticated(Contributor+) SQL Injection via Shortcode

The Easy Property Listings plugin for WordPress is vulnerable to time-based SQL Injection via the ‘propertystatus’ shortcode attribute in all versions up to, and including, 3.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

8.8CVSS8.9AI score0.00773EPSS
Exploits0References3
patchstack
patchstack
added 2024/03/22 12:0 a.m.17 views

WordPress Easy Property Listings Plugin <= 3.5.2 is vulnerable to SQL Injection

Software Easy Property Listings Type Plugin Vulnerable versions = 3.5.2 Fixed in 3.5.3 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-1893 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 741d2179a015 Credits Krzysztof Zając Required privilege...

8.8CVSS7.2AI score0.00773EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder