CVE-2023-0895

The WP Coder – add custom html, css and js code plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in versions up to, and including, 2.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

Sql injection

The WP Coder – add custom html, css and js code plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in versions up to, and including, 2.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

CVE-2023-0895 WP Coder – add custom html, css and js code <= 2.5.3 - Authenticated (Admin+) SQL Injection

The WP Coder – add custom html, css and js code plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in versions up to, and including, 2.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

CVE-2023-0895

CVE-2023-0895 affects the WordPress WP Coder plugin, where versions up to 2.5.3 are vulnerable to time-based SQL Injection via the id parameter due to insufficient escaping and poor query preparation. Exploitation requires authenticated admin privileges. The issue has been fixed in version 2.5.4 ...

CVE-2023-0895 WP Coder – add custom html, css and js code <= 2.5.3 - Authenticated (Admin+) SQL Injection

The WP Coder – add custom html, css and js code plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in versions up to, and including, 2.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

WordPress plugin WP Coder SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

PT-2023-16598 · WordPress · The Wp Coder

Name of the Vulnerable Software and Affected Versions: The WP Coder – add custom html, css and js code plugin for WordPress versions up to, and including, 2.5.3 Description: The issue is related to time-based SQL Injection via the id parameter due to insufficient escaping on the user-supplied...

CVE-2022-2388

The WP Coder WordPress plugin before 2.5.3 does not have CSRF check in place when deleting code created by the plugin, which could allow attackers to make a logged in admin delete arbitrary ones via a CSRF attack...

CVE-2022-2388

The CVE-2022-2388 vulnerability affects the WP Coder WordPress plugin prior to version 2.5.3. The issue is a CSRF omission when deleting code created by the plugin, allowing an authenticated admin to delete arbitrary code via CSRF. Impact stated as I:H with no confidentiality impact and no availa...

WordPress WP Coder plugin <= 2.5.2 - Code Deletion via Cross-Site Request Forgery (CSRF) vulnerability

Code Deletion via Cross-Site Request Forgery CSRF vulnerability discovered by Krzysztof Zając in WordPress WP Coder plugin versions = 2.5.2. Solution Update the WordPress WP Coder plugin to the latest available version at least 2.5.3...

CVE-2021-25053

The WP Coder WordPress plugin before 2.5.2 within the wow-company admin menu page allows to include arbitrary file with PHP extension as well as with data:// or http:// protocols, thus leading to CSRF RCE...

CVE-2021-25053 WP Coder < 2.5.2 - RFI leading to RCE via CSRF

The WP Coder WordPress plugin before 2.5.2 within the wow-company admin menu page allows to include arbitrary file with PHP extension as well as with data:// or http:// protocols, thus leading to CSRF RCE...

CVE-2021-25053

The CVE-2021-25053 entry concerns the WordPress WP Coder plugin prior to version 2.5.2. According to multiple sources in the connected documents, the wow-company admin menu page allows include() of arbitrary files with a PHP extension (including data:// or http://), enabling CSRF-facilitated remo...