8 matches found
WordPress plugin WP ERP Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress Plugin Gallery by BestWebSoft SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
WordPress RSVPMaker plugin SQL injection vulnerability (CNVD-2022-67547)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. RSVPMaker is an event scheduling and RSVP tracking plugin used in WordPress. RSVPMaker plugin 9.2.6 and earlier versions are vulnerable to SQL injection, which stems from a lack of SQL escaping of data. ...
SQL injection
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user-supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file. This makes it possible for unauthenticated attackers to steal sensitive informati...
CVE-2022-1453 RSVPMaker <= 9.2.5 - Unauthenticated SQL Injection
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user-supplied data passed to a SQL query in the rsvpmaker-util.php file. This makes it possible for unauthenticated attackers to steal sensitive information from t...
CVE-2022-22735
The Simple Quotation WordPress plugin through 1.3.2 does not have authorisation and CSRF checks in various AJAX actions and does not escape user data when using it in SQL statements, allowing any authenticated user, such as a subscriber, to perform SQL injection attacks...
ProfilePress < 3.1.11 - Multiple Vulnerabilities
The plugin changelog stated multiple vulnerability fixes, including Cross-Site Scripting (XSS), SQL escaping and redirection validation. The changelog stated: - Fixed missing sql unescaping in member directory search. - Validate redirectto urls to prevent redirect to another site. - XSS fix by...
SQL injection
DISPUTED: Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass, aka the reset password form. NOTE: The vendor disputes this issue as not being a vulnerability because the issue does not seem to be a legitimate SQL Injection. The POC does not show any valid...