1666 matches found
Post Content XMLRPC <= 1.0 - Admin+ SQL Injections
The plugin does not sanitise or escape multiple GET/POST parameters before using them in SQL statements in the admin dashboard, leading to an authenticated SQL Injections https://example.com/wp-admin/admin.php?page=pcxaddsites&mode=add&id=1%20AND%20SELECT%207953%20FROM%20SELECTSLEEP5AgUn...
Post Content XMLRPC <= 1.0 - Admin+ SQL Injections
The plugin does not sanitise or escape multiple GET/POST parameters before using them in SQL statements in the admin dashboard, leading to an authenticated SQL Injections PoC https://example.com/wp-admin/admin.php?page=pcxaddsites=add=1%20AND%20SELECT%207953%20FROM%20SELECTSLEEP5AgUn...
CVE-2021-24741 Support Board < 3.3.4 - Multiple Unauthenticated SQL Injections
The Support Board WordPress plugin before 3.3.4 does not escape multiple POST parameters such as statuscode, department, userid, conversationid, conversationstatuscode, and recipientid before using them in SQL statements, leading to SQL injections which are exploitable by unauthenticated users...
CVE-2021-24727
The StopBadBots WordPress plugin before 6.60 did not validate or escape the order and orderby GET parameter in some of its admin dashboard pages, leading to Authenticated SQL Injections...
Support Board < 3.3.4 - Multiple Unauthenticated SQL Injections
The plugin does not escape multiple POST parameters such as statuscode, department, userid, conversationid, conversationstatuscode, and recipientid before using them in SQL statements, leading to SQL injections which are exploitable by unauthenticated users. The login-cookie parameter is needed,...
Support Board < 3.3.4 - Multiple Unauthenticated SQL Injections
The plugin does not escape multiple POST parameters such as statuscode, department, userid, conversationid, conversationstatuscode, and recipientid before using them in SQL statements, leading to SQL injections which are exploitable by unauthenticated users. PoC The login-cookie parameter is...
SMTP Mail < 1.2.2 - Authenticated SQL Injections
The plugin does not properly validate or escape the order and orderby parameters before using them in SQL statements, leading to SQL Injections in the admin dashboard PoC...
BuddyPress < 9.1.1 - SQL Injections
The plugin was affected by SQL Injections via the BPNotificationsNotification::getorderbysql and BPInvitation::getorderbysql functions...
Email Artillery <= 4.1 - Multiple Authenticated SQL Injections
The plugin does not sanitise, validate or escape some user input before using it in SQL statements in the admin dashboard, leading to SQL Injections PoC https://example.com/wp-admin/admin.php?page=etmbu-all-posts=yesid=1%20AND%20SELECT%2042%20FROM%20SELECTSLEEP5aa...
Email Artillery <= 4.1 - Multiple Authenticated SQL Injections
The plugin does not sanitise, validate or escape some user input before using it in SQL statements in the admin dashboard, leading to SQL Injections https://example.com/wp-admin/admin.php?page=etmbu-all-posts&s=yes&postid=1%20AND%20SELECT%2042%20FROM%20SELECTSLEEP5aa...
Block and Stop Bad Bots < 6.60 - Authenticated SQL Injections
The plugin did not validate or escape the order and orderby GET parameter in some of its admin dashboard pages, leading to Authenticated SQL Injections...
Block and Stop Bad Bots < 6.60 - Authenticated SQL Injections
The plugin did not validate or escape the order and orderby GET parameter in some of its admin dashboard pages, leading to Authenticated SQL Injections PoC https://example.com/wp-admin/admin.php?page=sbbmy-custom-submenu-page=1+AND+%28SELECT+4242+FROM+%28SELECT%28SLEEP%285%29%29%29aaa%29=asc...
CVE-2021-24459 Survey Maker < 1.5.6 - Authenticated Blind SQL Injections
The getresults and getitems functions in the Survey Maker WordPress plugin before 1.5.6 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard...
CVE-2021-24457 Portfolio Responsive Gallery < 1.1.8 - Authenticated Blind SQL Injections
The getportfolios and getportfolioattributes functions in the class-portfolio-responsive-gallery-list-table.php and class-portfolio-responsive-gallery-attributes-list-table.php files of the Portfolio Responsive Gallery WordPress plugin before 1.1.8 did not use whitelist or validate the orderby...
What is Web API Security❓ — Methods of Protection
What is Web API Security❓ — Methods of Protection Before stressing what web API security is, it is important to first explain what APIs are. What are APIs? Fully known as Application Programming Interface , API is a software middle person that allows your applications to talk with one another. It...
FAQ Builder < 1.3.6 - Authenticated Blind SQL Injections
The getfaqs function in the plugin did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard PoC SQLMAP: python sqlmap.py -r r.txt -p orderby --level 5 --risk 3 --dbms MySQL...
Popup box < 2.3.4 - Authenticated Blind SQL Injections
The getayspopupboxes and getpopupcategories functions of the plugin did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard Exploit All of them with same technique. SQLMAP:...
Survey Maker < 1.5.6 - Authenticated Blind SQL Injections
The getresults and getitems functions in the plugin did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard Note WPScanTeam: Other SQLi were identified when confirming the...
Quiz Maker < 6.2.0.9 - Multiple Authenticated Blind SQL Injections
The plugin did not properly sanitise and escape the order and orderby parameters before using them in SQL statements, leading to SQL injection issues in the admin dashboard When we WPScanTeam confirmed the issues, more SQL Injections were identified, reported and fixed by the vendor but have not...
CVE-2021-24361 GeoDirectory Location Manager < 2.1.0.10 - Multiple Unauthenticated SQL Injections
In the Location Manager WordPress plugin before 2.1.0.10, the AJAX action gdpopularlocationlist did not properly sanitise or validate some of its POST parameters, which are then used in a SQL statement, leading to unauthenticated SQL Injection issues...