EUVD-2015-5280
Malware in sbrugna...
CVE-2022-1967
The WP Championship WordPress plugin before 9.3 is lacking CSRF checks in various places, allowing attackers to make a logged in admin perform unwanted actions, such as create and delete arbitrary teams as well as update the plugin's settings. Due to the lack of sanitisation and escaping, it coul...
Cross site scripting
The WP Championship WordPress plugin before 9.3 is lacking CSRF checks in various places, allowing attackers to make a logged in admin perform unwanted actions, such as create and delete arbitrary teams as well as update the plugin's settings. Due to the lack of sanitisation and escaping, it coul...
CVE-2022-1967
The CVE-2022-1967 entry concerns the WordPress WP Championship plugin prior to version 9.3, where missing CSRF checks allow an authenticated admin to perform unintended actions (e.g., create/delete teams, update settings) and may enable Stored XSS due to inadequate sanitisation/escaping. Multiple...
CVE-2022-1967 WP Championship < 9.3 - Multiple CSRF
The WP Championship WordPress plugin before 9.3 is lacking CSRF checks in various places, allowing attackers to make a logged in admin perform unwanted actions, such as create and delete arbitrary teams as well as update the plugin's settings. Due to the lack of sanitisation and escaping, it coul...
WordPress wp-championship plugin <= 9.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were discovered by Daniel Ruf in the WordPress wp-championship plugin (versions <= 9.2). Solution: Update the WordPress WP Championship plugin to the latest available version (at least 9.3)...
WordPress wp-championship plugin SQL injection vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports setting up personal blog sites on servers with PHP and MySQL. wp-championship is one of the plugins used to play guessing games. A SQL injection vulnerability exists in the...
CVE-2015-5308
Multiple SQL injection vulnerabilities in cs_admin_users.php in the wp-championship plugin 5.8 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user, (2) isadmin, (3) mail service, (4) mailresceipt, (5) stellv, (6) champtipp, (7) tippgroup, or (8) userid parameter...
CVE-2015-5308
The CVE-2015-5308 entry applies to the WordPress plugin wp-championship (version 5.8) and affects the cs_admin_users.php component. The connected documents confirm multiple SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands via parameters: user, isadmin, m...
wp-championship <= 5.8 - Authenticated Blind SQL Injection
The wp-championship WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability. PoC $ sqlmap -u 'http://www.example.com/wp-admin/wp-championship/csadminusers.php=' --data="isadmin=1" --cookie=AUTHCOOKIEHERE --level=5 --risk=3...
wp-championship <= 5.8 - Authenticated Blind SQL Injection
The wp-championship WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability. $ sqlmap -u 'http://www.example.com/wp-admin/wp-championship/csadminusers.php&userid=' --data="isadmin=1&user" --cookie=AUTHCOOKIEHERE --level=5 --risk=3...