Lucene search
K

13 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2015-5280

Malware in sbrugna...

7.5CVSS6.4AI score0.02206EPSS
Exploits2References3
NVD
NVD
added 2022/07/04 1:15 p.m.16 views

CVE-2022-1967

The WP Championship WordPress plugin before 9.3 is lacking CSRF checks in various places, allowing attackers to make a logged in admin perform unwanted actions, such as create and delete arbitrary teams as well as update the plugin's settings. Due to the lack of sanitisation and escaping, it coul...

6.5CVSS0.00502EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/07/04 1:15 p.m.5 views

CVE-2022-1967

The WP Championship WordPress plugin before 9.3 is lacking CSRF checks in various places, allowing attackers to make a logged in admin perform unwanted actions, such as create and delete arbitrary teams as well as update the plugin's settings. Due to the lack of sanitisation and escaping, it coul...

6.5CVSS6.7AI score0.00502EPSS
Exploits2References2
OSV
OSV
added 2022/07/04 1:15 p.m.1 views

CVE-2022-1967

The WP Championship WordPress plugin before 9.3 is lacking CSRF checks in various places, allowing attackers to make a logged in admin perform unwanted actions, such as create and delete arbitrary teams as well as update the plugin's settings. Due to the lack of sanitisation and escaping, it coul...

6.5CVSS5.9AI score0.00502EPSS
Exploits2References1
Prion
Prion
added 2022/07/04 1:15 p.m.17 views

Cross site scripting

The WP Championship WordPress plugin before 9.3 is lacking CSRF checks in various places, allowing attackers to make a logged in admin perform unwanted actions, such as create and delete arbitrary teams as well as update the plugin's settings. Due to the lack of sanitisation and escaping, it coul...

4.3CVSS6.1AI score0.00502EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2022/07/04 1:5 p.m.71 views

CVE-2022-1967

The CVE-2022-1967 entry concerns the WordPress WP Championship plugin prior to version 9.3, where missing CSRF checks allow an authenticated admin to perform unintended actions (e.g., create/delete teams, update settings) and may enable Stored XSS due to inadequate sanitisation/escaping. Multiple...

6.5CVSS6.1AI score0.00502EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/07/04 1:5 p.m.19 views

CVE-2022-1967 WP Championship < 9.3 - Multiple CSRF

The WP Championship WordPress plugin before 9.3 is lacking CSRF checks in various places, allowing attackers to make a logged in admin perform unwanted actions, such as create and delete arbitrary teams as well as update the plugin's settings. Due to the lack of sanitisation and escaping, it coul...

6.3AI score0.00502EPSS
Exploits2References1
Patchstack
Patchstack
added 2022/06/13 12:0 a.m.25 views

WordPress wp-championship plugin <= 9.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery CSRF vulnerabilities were discovered by Daniel Ruf in the WordPress wp-championship plugin versions = 9.2. Solution Update the WordPress WP Championship plugin to the latest available version at least 9.3...

6.5CVSS2.4AI score0.00502EPSS
Exploits2References1Affected Software1
CNVD
CNVD
added 2015/11/04 12:0 a.m.6 views

WordPress wp-championship plugin SQL injection vulnerability

WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports setting up personal blog sites on servers with PHP and MySQL. wp-championship is one of the plugins used to play guessing games. A SQL injection vulnerability exists in the...

7.5CVSS8.6AI score0.02206EPSS
Exploits2References1
NVD
NVD
added 2015/11/02 7:59 p.m.15 views

CVE-2015-5308

Multiple SQL injection vulnerabilities in csadminusers.php in the wp-championship plugin 5.8 for WordPress allow remote attackers to execute arbitrary SQL commands via the 1 user, 2 isadmin, 3 mail service, 4 mailresceipt, 5 stellv, 6 champtipp, 7 tippgroup, or 8 userid parameter...

7.5CVSS8.6AI score0.02206EPSS
Exploits2References2
CVE
CVE
added 2015/11/02 7:0 p.m.49 views

CVE-2015-5308

The CVE-2015-5308 entry applies to the WordPress plugin wp-championship (version 5.8) and affects the cs_admin_users.php component. The connected documents confirm multiple SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands via parameters: user, isadmin, m...

7.5CVSS8.9AI score0.02206EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/10/23 12:0 a.m.20 views

wp-championship <= 5.8 - Authenticated Blind SQL Injection

The wp-championship WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability. PoC $ sqlmap -u 'http://www.example.com/wp-admin/wp-championship/csadminusers.php=' --data="isadmin=1" --cookie=AUTHCOOKIEHERE --level=5 --risk=3...

7.5CVSS2.5AI score0.02206EPSS
Exploits2References1Affected Software1
wpexploit
wpexploit
added 2015/10/23 12:0 a.m.20 views

wp-championship <= 5.8 - Authenticated Blind SQL Injection

The wp-championship WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability. $ sqlmap -u 'http://www.example.com/wp-admin/wp-championship/csadminusers.php&userid=' --data="isadmin=1&user" --cookie=AUTHCOOKIEHERE --level=5 --risk=3...

7.5CVSS2.1AI score0.02206EPSS
Exploits2References1
Rows per page
Query Builder