Lucene search
K

20 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-11342

Malware in sbrugna...

7.2CVSS6.9AI score0.01721EPSS
Exploits2References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-11935

Malware in sbrugna...

7.2CVSS6.9AI score0.01112EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2025/05/22 9:3 p.m.7 views

CVE-2021-24430

The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.2.0 did not validate its cachingexcludeurls and cachingincludequerystrings settings before outputting them in a PHP file, which could lead to RCE...

7.2CVSS6.7AI score0.01721EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:24 p.m.4 views

CVE-2021-25023

The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.3.3.1 does not escape the sbpconverttablename parameter before using it in a SQL statement to convert the related table, leading to an SQL injection...

7.2CVSS7.1AI score0.01112EPSS
Exploits2References1
CNVD
CNVD
added 2022/01/07 12:0 a.m.20 views

WordPress SQL Injection Vulnerability (CNVD-2022-03213)

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blogging sites on servers with PHP and MySQL.The WordPress plugin Speed Booster Pack version 4.3.3.1 previously had a SQL injection...

7.2CVSS2.2AI score0.01112EPSS
Exploits2References1
OSV
OSV
added 2022/01/03 1:15 p.m.3 views

CVE-2021-25023

The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.3.3.1 does not escape the sbpconverttablename parameter before using it in a SQL statement to convert the related table, leading to an SQL injection...

7.2CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2022/01/03 1:15 p.m.17 views

CVE-2021-25023

The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.3.3.1 does not escape the sbpconverttablename parameter before using it in a SQL statement to convert the related table, leading to an SQL injection...

7.2CVSS0.01112EPSS
Exploits2References1
Prion
Prion
added 2022/01/03 1:15 p.m.16 views

Sql injection

The Speed Booster Pack âš¡ PageSpeed Optimization Suite WordPress plugin before 4.3.3.1 does not escape the sbpconverttablename parameter before using it in a SQL statement to convert the related table, leading to an SQL injection...

6.5CVSS7.2AI score0.01112EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/01/03 12:49 p.m.19 views

CVE-2021-25023 Speed Booster Pack < 4.3.3.1 - Admin+ SQL Injection

The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.3.3.1 does not escape the sbpconverttablename parameter before using it in a SQL statement to convert the related table, leading to an SQL injection...

7.5AI score0.01112EPSS
Exploits2References1
CVE
CVE
added 2022/01/03 12:49 p.m.47 views

CVE-2021-25023

The CVE-2021-25023 entry documents an SQL injection in the WordPress plugin Speed Booster Pack (Admin+ SQL Injection) prior to 4.3.3.1. The root cause is failure to escape the sbp_convert_table_name parameter before using it in a SQL statement used to convert a related table. Impact stated includ...

7.2CVSS7.2AI score0.01112EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2022/01/03 12:0 a.m.3 views

WordPress plugin Speed Booster Pack âš¡ PageSpeed Optimization Suite SQL注入漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blogging sites on servers with PHP and MySQL.The WordPress plugin Speed Booster Pack version 4.3.3.1 previously had a SQL injection...

7.2CVSS6AI score0.01112EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2021/10/16 12:0 a.m.15 views

Speed Booster Pack < 4.3.3.1 - Admin+ SQL Injection

The plugin does not escape the sbpconverttablename parameter before using it in a SQL statement to convert the related table, leading to an SQL injection PoC https://example.com/wp-admin/admin-ajax.php?action=sbpdatabaseactionaction=converttablesconverttablename=SQLi=b2d6208254 The nonce is...

7.2CVSS0.01112EPSS
Exploits2References1Affected Software1
wpexploit
wpexploit
added 2021/10/16 12:0 a.m.62 views

Speed Booster Pack < 4.3.3.1 - Admin+ SQL Injection

The plugin does not escape the sbpconverttablename parameter before using it in a SQL statement to convert the related table, leading to an SQL injection https://example.com/wp-admin/admin-ajax.php?action=sbpdatabaseaction&sbpaction=converttables&sbpconverttablename=SQLi&nonce=b2d6208254 The nonc...

7.2CVSS0.4AI score0.01112EPSS
Exploits2References1
Patchstack
Patchstack
added 2021/10/16 12:0 a.m.22 views

WordPress Speed Booster Pack plugin <= 4.3.3 - SQL Injection (SQLi) vulnerability

SQL Injection SQLi vulnerability discovered by Quan, Hoang Xuan in WordPress Speed Booster Pack plugin versions = 4.3.3. Solution Update the WordPress Speed Booster Pack plugin to the latest available version at least 4.3.3.1...

7.2CVSS2.3AI score0.01112EPSS
Exploits2References3Affected Software1
NVD
NVD
added 2021/08/02 11:15 a.m.22 views

CVE-2021-24430

The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.2.0 did not validate its cachingexcludeurls and cachingincludequerystrings settings before outputting them in a PHP file, which could lead to RCE...

7.2CVSS0.01721EPSS
Exploits2References2
OSV
OSV
added 2021/08/02 11:15 a.m.3 views

CVE-2021-24430

The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.2.0 did not validate its cachingexcludeurls and cachingincludequerystrings settings before outputting them in a PHP file, which could lead to RCE...

7.2CVSS5.8AI score0.01721EPSS
Exploits2References2
Prion
Prion
added 2021/08/02 11:15 a.m.18 views

Design/Logic Flaw

The Speed Booster Pack âš¡ PageSpeed Optimization Suite WordPress plugin before 4.2.0 did not validate its cachingexcludeurls and cachingincludequerystrings settings before outputting them in a PHP file, which could lead to RCE...

6.5CVSS6.9AI score0.01721EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2021/08/02 10:31 a.m.51 views

CVE-2021-24430

The CVE-2021-24430 entry concerns WordPress Speed Booster Pack plugin prior to 4.2.0. The root cause is improper validation of caching_exclude_urls and caching_include_query_strings when outputting them in a PHP file, enabling remote code execution (RCE) under authentication. Affected component: ...

7.2CVSS7AI score0.01721EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2021/08/02 10:31 a.m.27 views

CVE-2021-24430 Speed Booster Pack 4.2.0-beta - Authenticated (admin+) RCE

The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.2.0 did not validate its cachingexcludeurls and cachingincludequerystrings settings before outputting them in a PHP file, which could lead to RCE...

7.2AI score0.01721EPSS
Exploits2References2
Patchstack
Patchstack
added 2021/05/10 12:0 a.m.19 views

WordPress Speed Booster Pack plugin <= 4.1.3 - Authenticated Remote Code Execution (RCE) vulnerability

Authenticated Remote Code Execution RCE vulnerability discovered by m0ze in WordPress Speed Booster Pack plugin versions = 4.1.3 to be more precise = 4.2.0-beta. Solution Update the WordPress Speed Booster Pack plugin to the latest available version at least 4.2.0...

7.2CVSS4.7AI score0.01721EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder