18 matches found

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2022-15882

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.1 | EPSS 0.03258
Exploits 2 | References 1

RedhatCVE
added 2025/05/23 7:0 a.m. | 1 view

CVE-2024-12285

The SEMA API plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘catid’ parameter in all versions up to, and including, 5.27 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

CVSS 6.1 | AI score 6.4 | EPSS 0.02566
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 11:28 p.m. | 1 view

CVE-2022-0836

The SEMA API WordPress plugin before 4.02 does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by unauthenticated users...

CVSS 9.8 | AI score 7.6 | EPSS 0.03258
Exploits 2 | References 1

Cvelist
added 2025/01/09 11:10 a.m. | 12 views

CVE-2024-12285 SEMA API <= 5.27 - Reflected Cross-Site Scripting via catid Parameter

The SEMA API plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘catid’ parameter in all versions up to, and including, 5.27 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

CVSS 6.1 | EPSS 0.02566
Exploits 0 | References 3

Vulnrichment
added 2025/01/09 11:10 a.m. | 4 views

CVE-2024-12285 SEMA API <= 5.27 - Reflected Cross-Site Scripting via catid Parameter

The SEMA API plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘catid’ parameter in all versions up to, and including, 5.27 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

CVSS 6.1 | AI score 6 | EPSS 0.02566
Exploits 0 | References 2

CVE
added 2025/01/09 11:10 a.m. | 65 views

CVE-2024-12285

CVE-2024-12285 affects the SEMA API WordPress plugin. It describes a Reflected Cross-Site Scripting vulnerability via the catid parameter caused by insufficient input sanitization and output escaping. Attackers could exploit this without authentication to inject web scripts in pages rendered when...

CVSS 6.1 | AI score 6 | EPSS 0.02566
Exploits 0 | References 3

Patchstack
added 2025/01/09 12:7 a.m. | 2 views

WordPress SEMA API plugin <= 5.27 - Reflected Cross-Site Scripting via catid Parameter vulnerability

Reflected Cross-Site Scripting via catid Parameter vulnerability discovered by vgo0 in WordPress Plugin SEMA API versions <= 5.27...

CVSS 6.1 | AI score 6.3 | EPSS 0.02566
Exploits 0 | References 1 | Affected Software 1

CNNVD
added 2025/01/09 12:0 a.m. | 1 view

WordPress plugin SEMA API cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripti...

CVSS 6.1 | AI score 7.7 | EPSS 0.02566
Exploits 0 | References 2

OSV
added 2022/05/09 5:15 p.m. | 0 views

CVE-2022-0836

The SEMA API WordPress plugin before 4.02 does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by unauthenticated users...

CVSS 9.8 | AI score 7.3
Exploits 0 | References 1

NVD
added 2022/05/09 5:15 p.m. | 8 views

CVE-2022-0836

The SEMA API WordPress plugin before 4.02 does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by unauthenticated users...

CVSS 9.8 | EPSS 0.03258
Exploits 2 | References 1

Prion
added 2022/05/09 5:15 p.m. | 10 views

SQL injection

The SEMA API WordPress plugin before 4.02 does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by unauthenticated users...

CVSS 7.5 | AI score 9.6 | EPSS 0.03258
Exploits 2 | References 1 | Affected Software 1

Cvelist
added 2022/05/09 4:50 p.m. | 10 views

CVE-2022-0836 SEMA API < 4.02 - Unauthenticated SQLi

The SEMA API WordPress plugin before 4.02 does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by unauthenticated users...

AI score 9.9 | EPSS 0.03258
Exploits 2 | References 1

CVE
added 2022/05/09 4:50 p.m. | 2461 views

CVE-2022-0836

The CVE-2022-0836 entry concerns the WordPress plugin SEMA API, affected versions prior to 4.02. The issue is an SQL injection caused by improper sanitisation/escaping of parameters used in SQL statements via an AJAX action, exploitable by unauthenticated users. Several connected sources (Red Hat...

CVSS 9.8 | AI score 9.7 | EPSS 0.03258
Exploits 2 | References 1 | Affected Software 1

Positive Technologies
added 2022/05/09 12:0 a.m. | 1 view

PT-2022-13460 · WordPress · Sema Api Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: SEMA API WordPress plugin versions prior to 4.02
Description: The issue arises from the SEMA API WordPress plugin's failure to properly sanitise and escape certain parameters before using them in SQL statements via an AJAX action. This leads ...

CVSS 9.8 | AI score 9.5 | EPSS 0.03258
Exploits 2 | References 5

CNNVD
added 2022/05/09 12:0 a.m. | 1 view

WordPress plugin SEMA API SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in...

CVSS 9.8 | AI score 8.6 | EPSS 0.03258
Exploits 2 | References 2

WPVulnDB
added 2022/04/13 12:0 a.m. | 22 views

SEMA API < 4.02 - Unauthenticated SQLi

The plugin does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by unauthenticated users. PoC v 3.64: curl http://example.com/wp-admin/admin-ajax.php --data 'action=getsemadata=attributes=-3 UNION ALL...

CVSS 9.8 | AI score 1.5 | EPSS 0.03258
Exploits 2 | Affected Software 1

wpexploit
added 2022/04/13 12:0 a.m. | 218 views

SEMA API < 4.02 - Unauthenticated SQLi

The plugin does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by unauthenticated users. v 3.64: curl http://example.com/wp-admin/admin-ajax.php --data 'action=getsemadata&type=attributes&catid=-3 UNION...

CVSS 9.8 | AI score 1.6 | EPSS 0.03258
Exploits 2

Patchstack
added 2022/04/13 12:0 a.m. | 10 views

WordPress SEMA API plugin < 4.02 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection (SQLi) vulnerability discovered by cydave in WordPress SEMA API plugin versions < 4.02. Solution: Update the WordPress SEMA API plugin to the latest available version (at least 4.02)...

CVSS 9.8 | AI score 3.4 | EPSS 0.03258
Exploits 2 | References 3 | Affected Software 1