5 matches found
CVE-2024-9828
The Taskbuilder WordPress plugin before 3.0.5 does not sanitize user input into the 'loadorders' parameter and uses it in a SQL statement, allowing high privilege users such as admin to perform SQL Injection attacks...
CVE-2024-9828 Taskbuilder < 3.0.5 - Admin+ SQL Injection
The Taskbuilder WordPress plugin before 3.0.5 does not sanitize user input into the 'loadorders' parameter and uses it in a SQL statement, allowing high privilege users such as admin to perform SQL Injection attacks...
CVE-2024-9828 Taskbuilder < 3.0.5 - Admin+ SQL Injection
The Taskbuilder WordPress plugin before 3.0.5 does not sanitize user input into the 'loadorders' parameter and uses it in a SQL statement, allowing high privilege users such as admin to perform SQL Injection attacks...
CVE-2024-9828
CVE-2024-9828 affects the Taskbuilder WordPress plugin before 3.0.5. The root cause is failure to sanitize the load_orders input, which is used in a SQL statement, enabling high-privilege users (e.g., admins) to perform SQL Injection. The vulnerability enables partial impact because only input ha...
WordPress Taskbuilder Plugin < 3.0.5 is vulnerable to SQL Injection
Software Taskbuilder Type Plugin Vulnerable versions 3.0.5 Fixed in 3.0.5 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-9828 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 2a9c798f6792 Credits Ryoma Yamada Required privilege Administrator Published ...