15 matches found
CVE-2023-31235
Cross-Site Request Forgery CSRF vulnerability in Roland Barker, xnau webdesign Participants Database plugin = 2.4.9 versions...
EUVD-2014-3894
Malware in sbrugna...
EUVD-2020-29444
Malware in sbrugna...
EUVD-2023-35550
Malicious code in bioql PyPI...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Roland Barker, xnau webdesign Participants Database plugin = 2.4.9 versions...
CVE-2023-31235
CVE-2023-31235 affects the WordPress Participants Database plugin (versions
CVE-2022-47612
Cross-Site Request Forgery CSRF vulnerability in Roland Barker, xnau webdesign Participants Database plugin = 2.4.5 leads to list column update...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Roland Barker, xnau webdesign Participants Database plugin = 2.4.5 leads to list column update...
CVE-2022-47612
CVE-2022-47612 affects the WordPress Participants Database plugin for versions
Sql injection
participants-database.php in the Participants Database plugin 1.9.5.5 and previous versions for WordPress has a time-based SQL injection vulnerability via the ascdesc, listfiltercount, or sortBy parameters. It is possible to exfiltrate data and potentially execute code if certain conditions are m...
CVE-2020-8596
CVE-2020-8596 affects the WordPress plugin Participants Database (versions ≤ 1.9.5.5). The vulnerability is a time-based SQL injection in the plugin’s parameters ascdesc, list_filter_count, and sortBy, which can enable data exfiltration and, under certain conditions, remote code execution. Exploi...
CVE-2017-14126
The Participants Database plugin before 1.7.5.10 for WordPress has XSS...
CVE-2017-14126
The Participants Database plugin before 1.7.5.10 for WordPress has XSS...
Participants Database Plugin for WordPress < 1.5.4.9 'query' Parameter SQL Injection
The Participants Database Plugin for WordPress installed on the remote host is prior to version 1.5.4.9. It is, therefore, affected by a SQL injection vulnerability due to failure to properly sanitize user-supplied input to the 'query' parameter in the 'pdb-signup' script. A remote, unauthenticat...
CVE-2014-3961
SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" action to pdb-signup/...