SQL Injection
Overview: ghost is a publishing platform. Affected versions of this package are vulnerable to SQL Injection via the /ghost/api/admin/members/events endpoint due to the improper validation of postId. An attacker can execute arbitrary SQL commands by sending crafted requests to this endpoint while...
PT-2023-32571 · WordPress · Wp Shortcodes Plugin
Name of the Vulnerable Software and Affected Versions: WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress versions up to, and including, 5.13.3
Description: The issue allows authenticated attackers with contributor-level access and above to retrieve arbitrary post meta values, which...