146 matches found
Sql injection
The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not validate and escape the orderby parameter before using it in a SQL statement in the Permalink Manager page, leading to a SQL Injection...
CVE-2021-24769 Permalink Manager Lite < 2.2.13.1 - Admin+ SQL Injection
The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not validate and escape the orderby parameter before using it in a SQL statement in the Permalink Manager page, leading to a SQL Injection...
CVE-2021-24769
The CVE-2021-24769 affects the WordPress plugin Permalink Manager Lite (before 2.2.13.1). The vulnerability arises from not validating/escaping the orderby parameter before embedding it in a SQL statement on the Permalink Manager page, enabling SQL injection. Public sources (PatchStack, CVE recor...
Permalink Manager Lite < 2.2.13.1 - Admin+ SQL Injection
The plugin does not validate and escape the orderby parameter before using it in a SQL statement in the Permalink Manager page, leading to a SQL Injection PoC https://example.com/wp-admin/tools.php?page=permalink-manager=ID+AND+SELECT+9480+FROM+SELECTSLEEP5EXid...
WordPress Permalink Manager Lite plugin <= 2.2.12 - SQL Injection (SQLi) vulnerability
SQL Injection SQLi vulnerability discovered by bl4derunner in WordPress Permalink Manager Lite plugin versions = 2.2.12. Solution Update the WordPress Permalink Manager Lite plugin to the latest available version at least 2.2.13.1...
Permalink Manager Lite < 2.2.13.1 - Admin+ SQL Injection
The plugin does not validate and escape the orderby parameter before using it in a SQL statement in the Permalink Manager page, leading to a SQL Injection https://example.com/wp-admin/tools.php?page=permalink-manager&orderby=ID+AND+SELECT+9480+FROM+SELECTSLEEP5EXid...