CVE-2022-22735

The Simple Quotation WordPress plugin through 1.3.2 does not have authorisation and CSRF checks in various of its AJAX actions and is lacking escaping of user data when using it in SQL statements, allowing any authenticated users, such as subscriber to perform SQL injection attacks...

CVE-2022-22735

The Simple Quotation WordPress plugin through 1.3.2 does not have authorisation and CSRF checks in various of its AJAX actions and is lacking escaping of user data when using it in SQL statements, allowing any authenticated users, such as subscriber to perform SQL injection attacks...

CVE-2022-22734

The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF check when creating or editing a quote and does not sanitise and escape Quotes. As a result, attacker could make a logged in admin create or edit arbitrary quote, and put Cross-Site Scripting payloads in them...

CVE-2022-22734

The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF check when creating or editing a quote and does not sanitise and escape Quotes. As a result, attacker could make a logged in admin create or edit arbitrary quote, and put Cross-Site Scripting payloads in them...

CVE-2022-22734

The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF check when creating or editing a quote and does not sanitise and escape Quotes. As a result, attacker could make a logged in admin create or edit arbitrary quote, and put Cross-Site Scripting payloads in them...

CVE-2022-22735

The CVE-2022-22735 entry describes a SQL injection vulnerability in WordPress Simple Quotation plugin (versions

CVE-2022-22734

The CVE-2022-22734 entry concerns the WordPress Simple Quotation plugin (versions

PT-2022-15652 · WordPress · Simple Quotation Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: The Simple Quotation WordPress plugin versions 1.3.2 and earlier Description: The issue is related to the lack of CSRF check when creating or editing a quote and the failure to sanitise and escape quotes. This allows an attacker to make a...

WordPress plugin 跨站请求伪造漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress Simple Quotation plugin version 1.3.2 and...

WordPress plugin Simple Quotation SQL注入漏洞

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Simple Quotation plugin is vulnerable to SQL injection, which can be exploited by an authenticated attacker ...

WordPress Simple Quotation plugin <= 1.3.2 - SQL injection (SQLi) vulnerability

SQL injection SQLi vulnerability discovered by Abhishek Bhoir in WordPress Simple Quotation plugin versions = 1.3.2. Solution Deactivate and delete. This plugin has been closed as of January 7, 2022 and is not available for download. This closure is temporary, pending a full review...

Simple Quotation <= 1.3.2 - Quote Creation/Edition via CSRF to Stored Cross-Site Scripting

The plugin does not have CSRF check when creating or editing a quote and does not sanitise and escape Quotes. As a result, attacker could make a logged in admin create or edit arbitrary quote, and put Cross-Site Scripting payloads in them alert/XSS-image/" / alert/XSS-quote/" /...