Lucene search
K

5 matches found

Patchstack
Patchstack
added 2024/06/03 12:0 a.m.10 views

WordPress wpForo Forum Plugin <= 2.3.3 is vulnerable to SQL Injection

Software wpForo Forum Type Plugin Vulnerable versions = 2.3.3 Fixed in 2.3.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3200 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 101daf0caeac Credits Krzysztof Zając Required privilege Contributor...

9.9CVSS6.8AI score0.00457EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/06/01 9:15 a.m.18 views

CVE-2024-3200

The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the 'slug' attribute of the 'wpforo' shortcode in all versions up to, and including, 2.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes ...

9.9CVSS9.5AI score0.00457EPSS
Exploits0References2
CVE
CVE
added 2024/06/01 8:38 a.m.44 views

CVE-2024-3200

The CVE-2024-3200 entry concerns the wpForo Forum WordPress plugin. Affected software: wpForo Forum plugin for WordPress, versions up to and including 2.3.3. Root cause: insufficient escaping of the slug parameter in the wpforo shortcode and inadequate SQL query preparation, enabling SQL injectio...

9.9CVSS9.5AI score0.00457EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/06/01 8:38 a.m.29 views

CVE-2024-3200 wpForo Forum <= 2.3.3 - Authenticated (Contributor+) SQL Injection

The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the 'slug' attribute of the 'wpforo' shortcode in all versions up to, and including, 2.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes ...

9.9CVSS9.5AI score0.00457EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/06/01 8:38 a.m.25 views

CVE-2024-3200 wpForo Forum <= 2.3.3 - Authenticated (Contributor+) SQL Injection

The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the 'slug' attribute of the 'wpforo' shortcode in all versions up to, and including, 2.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes ...

9.9CVSS7.3AI score0.00457EPSS
Exploits0References2
Rows per page
Query Builder