CVE-2024-12023 FULL – Cliente 3.1.5 - 3.1.25 - Authenticated (Subscriber+) SQL Injection

The FULL – Cliente plugin for WordPress is vulnerable to SQL Injection via the 'formId' parameter in all versions 3.1.5 to 3.1.25 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...

CVE-2024-12023

CVE-2024-12023 involves the WordPress plugin FULL – Cliente (versions 3.1.5–3.1.25). The vulnerability is an authenticated SQL Injection via the formId parameter caused by insufficient escaping and lack of prepared statements in the underlying query. It is exploitable by attackers with Subscriber...

CVE-2024-12023 FULL – Cliente 3.1.5 - 3.1.25 - Authenticated (Subscriber+) SQL Injection

The FULL – Cliente plugin for WordPress is vulnerable to SQL Injection via the 'formId' parameter in all versions 3.1.5 to 3.1.25 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...

CVE-2024-9211 FULL – Cliente <= 3.1.22 - Reflected Cross-Site Scripting

The FULL – Cliente plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 3.1.22. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVE-2024-9211 FULL – Cliente <= 3.1.22 - Reflected Cross-Site Scripting

The FULL – Cliente plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 3.1.22. This makes it possible for unauthenticated attackers to inject arbitrary web...