Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

23 matches found

Patchstack
Patchstackadded 2022/05/02 12:0 a.m.17 views

WordPress Nirweb support plugin <= 2.7.9 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection SQLi vulnerability discovered by cydave in WordPress Nirweb support plugin versions = 2.7.9. Solution Update the WordPress Nirweb support plugin to the latest available version at least 2.8.2...

9.8CVSS2.7AI score0.82918EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDBadded 2022/05/02 12:0 a.m.19 views

Nirweb support < 2.8.2 - Unauthenticated SQLi

The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an SQL injection PoC curl https://example.com/wp-admin/admin-ajax.php --data 'action=answerdticketform=1 UNION ALL SELECT NULL,NULL,SELECT...

9.8CVSS1.5AI score0.82918EPSS
Exploits2Affected Software1
wpexploit
wpexploitadded 2022/05/02 12:0 a.m.203 views

Nirweb support < 2.8.2 - Unauthenticated SQLi

The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an SQL injection curl https://example.com/wp-admin/admin-ajax.php --data 'action=answerdticket&idform=1 UNION ALL SELECT NULL,NULL,SELECT userpa...

9.8CVSS1.6AI score0.82918EPSS
Exploits2
Rows per page
Query Builder