5 matches found
EUVD-2021-11976
Malware in sbrugna...
CVE-2021-25064
The Wow Countdowns WordPress plugin through 3.1.2 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection...
CVE-2021-25064
Consolidated details for CVE-2021-25064 show: affected product is the WordPress Wow Countdowns plugin up to version 3.1.2. The root cause is improper sanitization of the did parameter, which is directly used in a SQL statement, resulting in an authenticated SQL Injection. Exploitation evidence ap...
WordPress plugin Wow Countdowns SQL注入漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress Wow Countdowns plugin version 3.1.2 later has a SQL injection vulnerability, which stems from the plugin using the user The...
Wow Countdowns <= 3.1.2 - Admin+ SQLi
The plugin does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection. PoC https://example.com/wp-admin/admin.php?page=mwp-countdown=del=1+AND+SELECT+5382+FROM+SELECTSLEEP5PpNt...