5 matches found
WordPress wpForo Forum Plugin <= 2.3.3 is vulnerable to SQL Injection
Software wpForo Forum Type Plugin Vulnerable versions = 2.3.3 Fixed in 2.3.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3200 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 101daf0caeac Credits Krzysztof Zając Required privilege Contributor...
CVE-2024-3200
The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the 'slug' attribute of the 'wpforo' shortcode in all versions up to, and including, 2.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes ...
CVE-2024-3200
The CVE-2024-3200 entry concerns the wpForo Forum WordPress plugin. Affected software: wpForo Forum plugin for WordPress, versions up to and including 2.3.3. Root cause: insufficient escaping of the slug parameter in the wpforo shortcode and inadequate SQL query preparation, enabling SQL injectio...
CVE-2024-3200 wpForo Forum <= 2.3.3 - Authenticated (Contributor+) SQL Injection
The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the 'slug' attribute of the 'wpforo' shortcode in all versions up to, and including, 2.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes ...
CVE-2024-3200 wpForo Forum <= 2.3.3 - Authenticated (Contributor+) SQL Injection
The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the 'slug' attribute of the 'wpforo' shortcode in all versions up to, and including, 2.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes ...