2 matches found
CVE-2024-9522
The WP Users Masquerade plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.0. This is due to incorrect authentication and capability checking in the 'ajaxmasqlogin' function. This makes it possible for authenticated attackers, with subscriber-level...
WordPress WP Statistics plugin <=12.0.7 - Authenticated SQL Injection vulnerability
WordPress WP Statistic plugin in version 12.0.7 and earlier versions vulnerable to Authenticated SQL Injection vulnerability due to lack of sanitization in user-provided data. In this case users even with subscriber rights could use this vulnerability to steal sensitive data. Solution The plugin...