2405 matches found
CVE-2023-5430
The Jquery news ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
SQL injection
The Jquery news ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
SQL injection
The Jquery accordion slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2023-5430 Jquery news ticker <= 3.0 - Authenticated (Subscriber+) SQL Injection via Shortcode
The Jquery news ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2023-5430
CVE-2023-5430 : The WordPress plugin “Jquery news ticker” is vulnerable to SQL Injection via the shortcode in versions up to and including 3.0. The issue stems from insufficient escaping of user-supplied input and lack of proper preparation in the SQL query, enabling authenticated attackers with ...
CVE-2023-5464
CVE-2023-5464 covers the WordPress plugin “jquery-accordion-slideshow” which is vulnerable to SQL Injection via the plugin shortcode. The issue exists in versions up to and including 8.1 due to insufficient escaping and improper query construction, enabling authenticated attackers with subscriber...
CVE-2023-5464 Jquery accordion slideshow <= 8.1 - Authenticated (Subscriber+) SQL Injection via Shortcode
The Jquery accordion slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2023-5464
The Jquery accordion slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
SUSE CVE-2010-5312
Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option...
SUSE CVE-2012-6662
Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...
SUSE CVE-2020-7656
jQuery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed...
WordPress Plugin Jquery news ticker SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
PT-2023-32099 · WordPress · Jquery News Ticker Plugin
Name of the Vulnerable Software and Affected Versions: Jquery news ticker plugin for WordPress versions up to, and including, 3.0 Description: The issue arises from insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the plugin's...
WordPress Plugin Jquery accordion slideshow SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in...
WordPress Jquery accordion slideshow Plugin <= 8.1 is vulnerable to SQL Injection
Software: Jquery accordion slideshow; Type: Plugin; Vulnerable versions: <= 8.1; Fixed in: 8.2; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-5464; Patch priority: Low; CVSS severity: Low 8.5; PSID: 6c3c2c2de4b5; Credits: István Márton; Required privilege: Contributo...
WordPress Jquery news ticker Plugin <= 3.0 is vulnerable to SQL Injection
Software: Jquery news ticker; Type: Plugin; Vulnerable versions: <= 3.0; Fixed in: 3.1; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-5430; Patch priority: Low; CVSS severity: Low 8.5; PSID: f8ae8a455966; Credits: István Márton; Required privilege: Contributor...
Security Bulletin: There are multiple vulnerabilities in jQuery used by IBM Maximo Asset Management (CVE-2020-11022, CVE-2020-7656, CVE-2020-11023, CVE-2015-9251, CVE-2012-6708)
Summary: There are multiple vulnerabilities in jQuery used by IBM Maximo Asset Management (CVE-2020-11022, CVE-2020-7656, CVE-2020-11023, CVE-2015-9251, CVE-2012-6708). Vulnerability Details: CVEID: CVE-2020-11022. DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation ...
Ubuntu 16.04 ESM : IPython vulnerability (USN-4855-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-4855-1 advisory. It was discovered that IPython did not properly sanitize certain input. If a user were tricked into opening a specially crafted notebook file, a remote attacker...