20 matches found
EUVD-2021-11342
Malware in sbrugna...
EUVD-2021-11935
Malware in sbrugna...
CVE-2021-24430
The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.2.0 did not validate its cachingexcludeurls and cachingincludequerystrings settings before outputting them in a PHP file, which could lead to RCE...
CVE-2021-25023
The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.3.3.1 does not escape the sbpconverttablename parameter before using it in a SQL statement to convert the related table, leading to an SQL injection...
WordPress SQL Injection Vulnerability (CNVD-2022-03213)
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blogging sites on servers with PHP and MySQL.The WordPress plugin Speed Booster Pack version 4.3.3.1 previously had a SQL injection...
CVE-2021-25023
The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.3.3.1 does not escape the sbpconverttablename parameter before using it in a SQL statement to convert the related table, leading to an SQL injection...
CVE-2021-25023
The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.3.3.1 does not escape the sbpconverttablename parameter before using it in a SQL statement to convert the related table, leading to an SQL injection...
Sql injection
The Speed Booster Pack âš¡ PageSpeed Optimization Suite WordPress plugin before 4.3.3.1 does not escape the sbpconverttablename parameter before using it in a SQL statement to convert the related table, leading to an SQL injection...
CVE-2021-25023 Speed Booster Pack < 4.3.3.1 - Admin+ SQL Injection
The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.3.3.1 does not escape the sbpconverttablename parameter before using it in a SQL statement to convert the related table, leading to an SQL injection...
CVE-2021-25023
The CVE-2021-25023 entry documents an SQL injection in the WordPress plugin Speed Booster Pack (Admin+ SQL Injection) prior to 4.3.3.1. The root cause is failure to escape the sbp_convert_table_name parameter before using it in a SQL statement used to convert a related table. Impact stated includ...
WordPress plugin Speed Booster Pack âš¡ PageSpeed Optimization Suite SQL注入漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blogging sites on servers with PHP and MySQL.The WordPress plugin Speed Booster Pack version 4.3.3.1 previously had a SQL injection...
Speed Booster Pack < 4.3.3.1 - Admin+ SQL Injection
The plugin does not escape the sbpconverttablename parameter before using it in a SQL statement to convert the related table, leading to an SQL injection PoC https://example.com/wp-admin/admin-ajax.php?action=sbpdatabaseactionaction=converttablesconverttablename=SQLi=b2d6208254 The nonce is...
Speed Booster Pack < 4.3.3.1 - Admin+ SQL Injection
The plugin does not escape the sbpconverttablename parameter before using it in a SQL statement to convert the related table, leading to an SQL injection https://example.com/wp-admin/admin-ajax.php?action=sbpdatabaseaction&sbpaction=converttables&sbpconverttablename=SQLi&nonce=b2d6208254 The nonc...
WordPress Speed Booster Pack plugin <= 4.3.3 - SQL Injection (SQLi) vulnerability
SQL Injection SQLi vulnerability discovered by Quan, Hoang Xuan in WordPress Speed Booster Pack plugin versions = 4.3.3. Solution Update the WordPress Speed Booster Pack plugin to the latest available version at least 4.3.3.1...
CVE-2021-24430
The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.2.0 did not validate its cachingexcludeurls and cachingincludequerystrings settings before outputting them in a PHP file, which could lead to RCE...
CVE-2021-24430
The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.2.0 did not validate its cachingexcludeurls and cachingincludequerystrings settings before outputting them in a PHP file, which could lead to RCE...
Design/Logic Flaw
The Speed Booster Pack âš¡ PageSpeed Optimization Suite WordPress plugin before 4.2.0 did not validate its cachingexcludeurls and cachingincludequerystrings settings before outputting them in a PHP file, which could lead to RCE...
CVE-2021-24430
The CVE-2021-24430 entry concerns WordPress Speed Booster Pack plugin prior to 4.2.0. The root cause is improper validation of caching_exclude_urls and caching_include_query_strings when outputting them in a PHP file, enabling remote code execution (RCE) under authentication. Affected component: ...
CVE-2021-24430 Speed Booster Pack 4.2.0-beta - Authenticated (admin+) RCE
The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.2.0 did not validate its cachingexcludeurls and cachingincludequerystrings settings before outputting them in a PHP file, which could lead to RCE...
WordPress Speed Booster Pack plugin <= 4.1.3 - Authenticated Remote Code Execution (RCE) vulnerability
Authenticated Remote Code Execution RCE vulnerability discovered by m0ze in WordPress Speed Booster Pack plugin versions = 4.1.3 to be more precise = 4.2.0-beta. Solution Update the WordPress Speed Booster Pack plugin to the latest available version at least 4.2.0...