11 matches found
EUVD-2021-11404
Malware in sbrugna...
CVE-2021-24492
The hndtstactioninstancecallback AJAX call of the Handsome Testimonials & Reviews WordPress plugin before 2.1.1, available to any authenticated users, does not sanitise, validate or escape the hndtstpreviewShortcodeInstanceId POST parameter before using it in a SQL statement, leading to an SQL...
WordPress Handsome Testimonials & Reviews plugin SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. Handsome Testimonials & Reviews plugin is an application plugin for WordPress. Versions of the WordPress Handsome...
CVE-2021-24492
The hndtstactioninstancecallback AJAX call of the Handsome Testimonials & Reviews WordPress plugin before 2.1.1, available to any authenticated users, does not sanitise, validate or escape the hndtstpreviewShortcodeInstanceId POST parameter before using it in a SQL statement, leading to an SQL...
CVE-2021-24492
The hndtstactioninstancecallback AJAX call of the Handsome Testimonials & Reviews WordPress plugin before 2.1.1, available to any authenticated users, does not sanitise, validate or escape the hndtstpreviewShortcodeInstanceId POST parameter before using it in a SQL statement, leading to an SQL...
SQL injection
The hndtstactioninstancecallback AJAX call of the Handsome Testimonials & Reviews WordPress plugin before 2.1.1, available to any authenticated users, does not sanitise, validate or escape the hndtstpreviewShortcodeInstanceId POST parameter before using it in a SQL statement, leading to an SQL...
CVE-2021-24492
CVE-2021-24492 affects WordPress plugin Handsome Testimonials & Reviews (
CVE-2021-24492 Handsome Testimonials & Reviews < 2.1.1 - Authenticated (Subscriber+) SQL Injection
The hndtstactioninstancecallback AJAX call of the Handsome Testimonials & Reviews WordPress plugin before 2.1.1, available to any authenticated users, does not sanitise, validate or escape the hndtstpreviewShortcodeInstanceId POST parameter before using it in a SQL statement, leading to an SQL...
WordPress and WordPress plugin SQL injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. Handsome Testimonials & Reviews plugin is an application plugin for WordPress. Versions of the WordPress Handsome...
Handsome Testimonials & Reviews < 2.1.1 - Authenticated (Subscriber+) SQL Injection
The hndtstactioninstancecallback AJAX call of the plugin, available to any authenticated users, does not sanitise, validate or escape the hndtstpreviewShortcodeInstanceId POST parameter before using it in a SQL statement, leading to an SQL Injection issue. curl -i -s -k -X $'POST' \ -H...
WordPress Handsome Testimonials & Reviews <= 2.1.0 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Shreya Pohekar (Codevigilant Project) in WordPress Handsome Testimonials & Reviews versions <= 2.1.0. Solution: Update the WordPress Handsome Testimonials & Reviews to the latest available version (at least 2.1.1)...