Lucene search
K

8 matches found

WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.14 views

Information Reel < 10.1 - Authenticated (Subscriber+) SQL Injection via Shortcode

Description The Information Reel plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

8.8CVSS7.5AI score0.00797EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2023/10/31 9:15 a.m.3 views

CVE-2023-5429

The Information Reel plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

6.5CVSS5.8AI score0.00797EPSS
Exploits1References3
NVD
NVD
added 2023/10/31 9:15 a.m.25 views

CVE-2023-5429

The Information Reel plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

8.8CVSS8.7AI score0.00797EPSS
Exploits1References3
Prion
Prion
added 2023/10/31 9:15 a.m.20 views

Sql injection

The Information Reel plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4CVSS7.1AI score0.00797EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2023/10/31 8:32 a.m.31 views

CVE-2023-5429 Information Reel <= 10.0 - Authenticated (Subscriber+) SQL Injection via Shortcode

The Information Reel plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

8.8CVSS8.8AI score0.00797EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/10/31 12:0 a.m.5 views

WordPress Plugin Information Reel SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

8.8CVSS7.7AI score0.00797EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/10/31 12:0 a.m.5 views

PT-2023-32098 · WordPress · Information Reel

Name of the Vulnerable Software and Affected Versions: Information Reel plugin for WordPress versions up to, and including, 10.0 Description: The issue arises from insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the plugin's...

8.8CVSS6.9AI score0.00797EPSS
Exploits1References6
Patchstack
Patchstack
added 2023/10/30 12:0 a.m.13 views

WordPress Information Reel Plugin <= 10.0 is vulnerable to SQL Injection

Software Information Reel Type Plugin Vulnerable versions = 10.0 Fixed in 10.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5429 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID c905ec2711b0 Credits István Márton Required privilege Contributor...

8.8CVSS6.8AI score0.00797EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder