Lucene search
+L

59 matches found

CVE
CVE
added 2025/04/09 4:9 p.m.58 views

CVE-2025-32550

CVE-2025-32550 is an unauthenticated SQL Injection in Click & Pledge Connect Plugin for WordPress. Affected: Click & Pledge Connect Plugin versions 2.24080000 up to WP6.6.1. The issue is cataloged with CVSS v3.1 base score 7.2 (High) and a network attack vector with no user interaction and change...

7.2CVSS8.9AI score0.00496EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/09 4:9 p.m.13 views

CVE-2025-32550 WordPress Click & Pledge Connect Plugin Plugin <= 2.24080000-WP6.6.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ClickandPledge Click & Pledge Connect Plugin allows SQL Injection. This issue affects Click & Pledge Connect Plugin: from 2.24080000 through WP6.6.1...

7.2CVSS0.00496EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/09 4:9 p.m.4 views

CVE-2025-32550 WordPress Click & Pledge Connect Plugin Plugin <= 2.24080000-WP6.6.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ClickandPledge Click & Pledge Connect Plugin allows SQL Injection. This issue affects Click & Pledge Connect Plugin: from 2.24080000 through WP6.6.1...

7.2CVSS7.3AI score0.00496EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/09 12:0 a.m.4 views

WordPress plugin Click & Pledge Connect Plugin SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

7.2CVSS7.9AI score0.00496EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/09 12:0 a.m.5 views

PT-2025-15787 · WordPress · Click & Pledge Connect Plugin

Name of the Vulnerable Software and Affected Versions: Click & Pledge Connect Plugin versions 2.24080000 through WP6.6.1 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection...

7.2CVSS7.7AI score0.00496EPSS
Exploits0References3
Wired Threat Level
Wired Threat Level
added 2024/05/01 4:1 p.m.20 views

The US Government Is Asking Big Tech to Promise Better Cybersecurity

The Biden administration is asking tech companies to sign a pledge, obtained by WIRED, to improve their digital security, including reduced default password use and improved vulnerability disclosures...

7.3AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/05/10 11:1 p.m.8 views

climatepledge.global Cross Site Scripting vulnerability OBB-3319261

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
NVD
NVD
added 2022/11/15 10:15 p.m.28 views

CVE-2022-29277

Incorrect pointer checks within the the FwBlockServiceSmm driver can allow arbitrary RAM modifications During review of the FwBlockServiceSmm driver, certain instances of SpiAccessLib could be tricked into writing 0xff to arbitrary system and SMRAM addresses. Fixed in: INTEL Purley-R: 05.21.51.00...

8.8CVSS0.00196EPSS
Exploits0References2
Prion
Prion
added 2022/11/15 9:15 p.m.25 views

Design/Logic Flaw

Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory. Function 0x52 of the PnpSmm driver is passed the address and size of data to write into the SMBIOS table, but manipulation of the address could be used by malware to overwrit...

4CVSS8.2AI score0.00193EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2022/11/15 12:15 a.m.21 views

CVE-2022-33985

DMA transactions which are targeted at input buffers used for the NvmExpressDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the NvmExpressDxe driver could cause SMRAM...

7CVSS0.00132EPSS
Exploits0References2
Prion
Prion
added 2022/11/15 12:15 a.m.19 views

Design/Logic Flaw

DMA transactions which are targeted at input buffers used for the HddPassword software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the HddPassword driver could cause SMRAM corrupti...

3.5CVSS6.8AI score0.00132EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/11/15 12:15 a.m.23 views

Information disclosure

DMA transactions which are targeted at input buffers used for the NvmExpressLegacy software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the NvmExpressLegacy driver could cause SMRA...

3.5CVSS6.8AI score0.00158EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/11/14 12:0 a.m.72 views

CVE-2022-32267

CVE-2022-32267 concerns DMA targeting input buffers used by the SmmResourceCheckDxe SMI handler in InsydeH2O UEFI firmware, leading to SMRAM corruption via a TOCTOU vulnerability. The issue, discovered by Insyde engineering, is mitigated by kernel updates: Kernel 5.2 (05.27.23), 5.3 (05.36.23), 5...

6.4CVSS6.4AI score0.00132EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/11/14 12:0 a.m.75 views

CVE-2022-33983

CVE-2022-33983 describes a TOCTOU DMA attack affecting the NvmExpressLegacy SMI handler used by the NvmExpressLegacy driver, potentially enabling SMRAM corruption. The issue is triggered by DMA transactions targeting input buffers for the software SMI handler, with the root cause tied to TOCTOU c...

7CVSS6.9AI score0.00158EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/11/14 12:0 a.m.72 views

CVE-2022-33984

The CVE-2022-33984 entry describes a TOCTOU DMA vulnerability affecting the SdMmcDevice SMI handler that can corrupt SMRAM. Connected sources expand to multiple TOCTOU flaws in Insyde-managed firmware (various SMI handlers such as SdHostDriver, FvbServicesRuntimeDxe, IdeBusDxe) with CVEs 2022-307...

7CVSS6.8AI score0.00151EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/11/14 12:0 a.m.46 views

CVE-2022-31243

Update description and links DMA transactions which are targeted at input buffers used for the software SMI handler used by the FvbServicesRuntimeDxe driver could cause SMRAM corruption through a TOCTOU attack.. "DMA transactions which are targeted at input buffers used for the software SMI handl...

6.8AI score0.00151EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/11/14 12:0 a.m.32 views

CVE-2022-33984

DMA transactions which are targeted at input buffers used for the SdMmcDevice software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the SdMmcDevice driver could cause SMRAM corrupti...

7.1AI score0.00151EPSS
Exploits0References3
Code423n4
Code423n4
added 2022/11/12 12:0 a.m.10 views

Upgraded Q -> M from #272 [1668215320788]

Judge has assessed an item in Issue 272 as M risk. The relevant finding follows: Inaccurate comment can be misleading. The following retrievePledgeRewards function is for retrieving the non-distributed rewards from an expired pledge, not just a closed pledge. Calling this function for a pledge th...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/10/30 12:0 a.m.12 views

Owner can drain pledged tokens balance with recoverERC20 function

Lines of code Vulnerability details Impact The recoverERC20 function allows the owner to withdraw the ERC20 tokens sent by acceident to the contract but it doesn't allow him to withdraw pldged tokens, the owner though could use the removeRewardToken function to remove a token used currently in a...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/10/30 12:0 a.m.12 views

Pledge creator can extend pledge without paying in edge cases.

Lines of code Vulnerability details Impact Pledge creator can extend pledge without paying in edge cases. Proof of Concept When pledge creators wants to extend their pledges, they must transfer an additional reward amount and fee: uint256 totalRewardAmount = pledgeParams.rewardPerVote...

6.8AI score
Exploits0
Rows per page
Query Builder