11 matches found
Infographic Maker iList < 4.3.8 - SQL Injection
The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the postid parameter before using it in a SQL statement via the qcldupvoteaction AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL Injection. id: CVE-2022-0747 info:...
WordPress AI Infographic Maker plugin <= 4.9.0 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Infographic Maker – iList versions <= 4.9.0...
WordPress Infographic Maker iList plugin <= 4.7.4 - Authenticated Arbitrary Title Update vulnerability
Authenticated Arbitrary Title Update vulnerability discovered by Lucio Sá in WordPress Plugin Infographic Maker – iList versions <= 4.7.4...
WordPress Infographic Maker – iList Plugin <= 4.7.4 is vulnerable to Broken Access Control
Software: Infographic Maker – iList; Type: Plugin; Vulnerable versions: <= 4.7.4; Fixed in: 4.7.5; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-5858; Patch priority: Low; CVSS severity: Low 4.3; PSID: 6989eeefac46; Credits: Lucio Sá; Required...
CVE-2024-32696
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuantumCloud Infographic Maker – iList allows Stored XSS. This issue affects Infographic Maker – iList: from n/a through 4.6.6...
CVE-2024-32696
CVE-2024-32696 affects AI Infographic Maker (Infographic and List Builder iList). It is an authenticated Stored XSS due to improper input neutralization during web page generation. Affected versions shown as ≤ 4.6.6 in the initial document; connected document indicates a fix was released in 4.6.7...
PT-2024-24782 · Unknown · Infographic Maker – Ilist
Name of the Vulnerable Software and Affected Versions: Infographic Maker – iList versions n/a through 4.6.6 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations: Fo...
WordPress Infographic Maker – iList Plugin <= 4.6.6 is vulnerable to Cross Site Scripting (XSS)
Software: Infographic Maker – iList; Type: Plugin; Vulnerable versions: <= 4.6.6; Fixed in: 4.6.8; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-32696; Patch priority: Low; CVSS severity: Low 6.5; PSID: baa0cb27dbc1; Credits: Khalid Yusuf; Required...
Infographic Maker - iList < 4.3.8 - Unauthenticated SQL Injection
The plugin does not validate and escape the postid parameter before using it in a SQL statement via the qcldupvoteaction AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL Injection. PoC: curl https://example.com/wp-admin/admin-ajax.php --data...
WordPress Infographic Maker – iList plugin <= 4.3.7 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by cydave in WordPress Infographic Maker – iList plugin versions <= 4.3.7. Solution: Update the WordPress Infographic Maker – iList plugin to the latest available version (at least 4.3.8)...
Infographic Maker - iList < 4.3.8 - Unauthenticated SQL Injection
The plugin does not validate and escape the postid parameter before using it in a SQL statement via the qcldupvoteaction AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL Injection. curl https://example.com/wp-admin/admin-ajax.php --data...