EUVD-2021-11308

Malware in sbrugna...

CVE-2021-24396

A pageid GET parameter of the GSEOR – WordPress SEO Plugin WordPress plugin through 1.3 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection...

Sql injection

A pageid GET parameter of the GSEOR – WordPress SEO Plugin WordPress plugin through 1.3 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection...

CVE-2021-24396 GSEOR <= 1.3 - Authenticated SQL Injection

A pageid GET parameter of the GSEOR – WordPress SEO Plugin WordPress plugin through 1.3 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection...

CVE-2021-24396

CVE-2021-24396 affects the WordPress GSEOR plugin (versions up to 1.3). The pageid GET parameter is not sanitized/escaped/validated before being inserted into a SQL statement, enabling an SQL injection. Some sources describe this as an authenticated SQLi vulnerability. PatchStack notes the plugin...

GSEOR <= 1.3 - Authenticated SQL Injection

A pageid GET parameter of the plugin is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. PoC GET /wp-admin/admin.php?page=gseor.php=1=1%20AND%20SELECT%206449%20FROM%20SELECTSLEEP5wwdQ HTTP/1.1 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1...

GSEOR <= 1.3 - Authenticated SQL Injection

A pageid GET parameter of the plugin is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. GET /wp-admin/admin.php?page=gseor.php&search=1&pageid=1%20AND%20SELECT%206449%20FROM%20SELECTSLEEP5wwdQ HTTP/1.1 Cache-Control: max-age=0...

WordPress GSEOR plugin <= 1.3 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered by Syed Sheeraz Ali in WordPress GSEOR plugin versions = 1.3. Solution This plugin has been closed as of May 13, 2021 and is not available for download. Reason: Security Issue...