19 matches found
EUVD-2017-18353
Malware in sbrugna...
EUVD-2023-34281
Malicious code in bioql PyPI...
EUVD-2024-23226
Malicious code in bioql PyPI...
CVE-2023-2830
Cross-Site Request Forgery CSRF vulnerability in Trustindex.Io WP Testimonials plugin = 1.4.2 versions...
CVE-2024-25924
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Trustindex.Io WP Testimonials.This issue affects WP Testimonials: from n/a through 1.4.3...
CVE-2024-25924
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Trustindex.Io WP Testimonials.This issue affects WP Testimonials: from n/a through 1.4.3...
CVE-2024-25924
The CVE-2024-25924 entry concerns the WordPress WP Testimonials plugin (
WP Testimonials < 1.4.4 - Authenticated (Contributor+) SQL Injection
Description The WP Testimonials plugin for WordPress is vulnerable to SQL Injection via the 'widgetid' parameter in all versions up to, and including, 1.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
WordPress WP Testimonials Plugin <= 1.4.3 is vulnerable to SQL Injection
Software WP Testimonials Type Plugin Vulnerable versions = 1.4.3 Fixed in 1.4.4 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-25924 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID ad45f04259df Credits Le Ngoc Anh Required privilege Administrator...
CVE-2023-2830
Cross-Site Request Forgery CSRF vulnerability in Trustindex.Io WP Testimonials plugin = 1.4.2 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Trustindex.Io WP Testimonials plugin = 1.4.2 versions...
CVE-2023-2830
CVE-2023-2830 describes a Cross-Site Request Forgery (CSRF) vulnerability in the Trustindex.Io WP Testimonials WordPress plugin, affecting versions ≤ 1.4.2. The vulnerability is addressed by upgrading to version 1.4.3 or later. Several sources (Patchstack, Red Hat, NVD/CVE references) consistentl...
WordPress WP-Testimonials Plugin < 3.4.1 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: WP-Testimonials 3.4.1 Union Based SQL Injection Date: 03-06-2017 Exploit Author: Dimitrios Tsagkarakis Website: dtsa.eu Software Link: https://en-gb.wordpress.org/plugins/wp-testimonials/ Vendor Homepage:...
CVE-2017-9418
SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress allows an authenticated user to execute arbitrary SQL commands via the testid parameter to wp-admin/admin.php...
Sql injection
SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress allows an authenticated user to execute arbitrary SQL commands via the testid parameter to wp-admin/admin.php...
CVE-2017-9418
CVE-2017-9418 is a SQL injection vulnerability in the WordPress WP-Testimonials plugin version 3.4.1. An authenticated user can exploit the testid parameter in wp-admin/admin.php to execute arbitrary SQL commands. Public PoCs and exploits demonstrate union-based payloads and version disclosure, i...
WordPress Plugin WP-Testimonials < 3.4.1 - SQL Injection
Exploit Title: WP-Testimonials 3.4.1 Union Based SQL Injection Date: 03-06-2017 Exploit Author: Dimitrios Tsagkarakis Website: dtsa.eu Software Link: https://en-gb.wordpress.org/plugins/wp-testimonials/ Vendor Homepage: http://www.sunfrogservices.com/web-programmer/wp-testimonials/ Version: 3.4.1...
WordPress WP-Testimonials SQL Injection
Exploit Title: WP-Testimonials 3.4.1 Union Based SQL Injection Date: 03-06-2017 Exploit Author: Dimitrios Tsagkarakis Website: dtsa.eu Software Link: https://en-gb.wordpress.org/plugins/wp-testimonials/ Vendor Homepage: http://www.sunfrogservices.com/web-programmer/wp-testimonials/ Version: 3.4.1...
WP-Testimonials - Authenticated SQL Injection
Researcher tested version 3.4.1. Plugin removed from WordPress directory...