4 matches found
CVE-2024-3060
The ENL Newsletter WordPress plugin through 1.0.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admin+ to perform SQL injection attacks...
CVE-2024-3060 ENL Newsletter <= 1.0.1 - Admin+ SQL Injection
The ENL Newsletter WordPress plugin through 1.0.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admin+ to perform SQL injection attacks...
CVE-2024-3060 ENL Newsletter <= 1.0.1 - Admin+ SQL Injection
The ENL Newsletter WordPress plugin through 1.0.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admin+ to perform SQL injection attacks...
WordPress ENL Newsletter Plugin <= 1.0.1 is vulnerable to SQL Injection
Software ENL Newsletter Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3060 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 26e4041d5fe0 Credits Bob Matyas Required privilege Administrator Published...