9 matches found
CVE-2024-9211
The FULL – Cliente plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 3.1.22. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-12023
CVE-2024-12023 involves the WordPress plugin FULL – Cliente (versions 3.1.5–3.1.25). The vulnerability is an authenticated SQL Injection via the formId parameter caused by insufficient escaping and lack of prepared statements in the underlying query. It is exploitable by attackers with Subscriber...
CVE-2024-12023 FULL – Cliente 3.1.5 - 3.1.25 - Authenticated (Subscriber+) SQL Injection
The FULL – Cliente plugin for WordPress is vulnerable to SQL Injection via the 'formId' parameter in all versions 3.1.5 to 3.1.25 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...
CVE-2024-12023 FULL – Cliente 3.1.5 - 3.1.25 - Authenticated (Subscriber+) SQL Injection
The FULL – Cliente plugin for WordPress is vulnerable to SQL Injection via the 'formId' parameter in all versions 3.1.5 to 3.1.25 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...
PT-2025-18749 · WordPress +1 · Full – Cliente +2
Name of the Vulnerable Software and Affected Versions: FULL – Cliente plugin for WordPress versions 3.1.5 through 3.1.25 Description: The issue allows authenticated attackers with Subscriber-level access and above to perform SQL Injection via the formId parameter due to insufficient escaping and...
CVE-2024-9211 FULL – Cliente <= 3.1.22 - Reflected Cross-Site Scripting
The FULL – Cliente plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 3.1.22. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-9211 FULL – Cliente <= 3.1.22 - Reflected Cross-Site Scripting
The FULL – Cliente plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 3.1.22. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-9211
The CVE CVE-2024-9211 affects the WordPress plugin FULL – Cliente (≤ 3.1.22). It is a Reflected Cross-Site Scripting vulnerability caused by using add_query_arg and remove_query_arg without proper escaping, enabling unauthenticated attackers to inject scripts when a user is tricked into clicking ...
WordPress plugin FULL – Cliente 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...