EUVD-2021-11304

Malware in sbrugna...

CVE-2021-24392

An id GET parameter of the WordPress Membership SwiftCloud.io WordPress plugin through 1.0 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection...

Sql injection

An id GET parameter of the WordPress Membership SwiftCloud.io WordPress plugin through 1.0 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection...

CVE-2021-24392

CVE-2021-24392 affects WordPress Membership SwiftCloud.io plugin versions up to 1.0. The issue is an SQL injection caused by an unvalidated id GET parameter that is directly inserted into a SQL statement. Affected component: the plugin’s admin/page handling for the id parameter. Root cause: impro...

WordPress 插件 SQL注入漏洞

WordPress Plugin is an open source application plugin for WordPress. A SQL injection vulnerability exists in WordPress Plugin WordPress Membership SwiftCloud.io, which stems from the failure of the Get request ID parameter in the product /wp-admin/admin.php?page to properly check user input data...

WordPress Membership SwiftCloud.io <= 1.0 - Authenticated SQL Injection

An id GET parameter of the plugin is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. GET /wp-admin/admin.php?page=swiftbookaddemailtemplate&id=0%20UNION%20ALL%20SELECT%20NULL,NULL,user,NULL,NULL-- HTTP/1.1 Cache-Control: max-age=0...

WordPress Membership SwiftCloud.io <= 1.0 - Authenticated SQL Injection

An id GET parameter of the plugin is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. PoC GET /wp-admin/admin.php?page=swiftbookaddemailtemplate=0%20UNION%20ALL%20SELECT%20NULL,NULL,user,NULL,NULL-- HTTP/1.1 Cache-Control: max-age=0...