7 matches found
CVE-2023-2605
The wpbrutalai WordPress plugin before 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against logged-in high-privilege users such as admin...
CVE-2023-2601
The wpbrutalai WordPress plugin before 2.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin via CSRF...
Cross-site request forgery (CSRF)
The wpbrutalai WordPress plugin before 2.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin via CSRF...
CVE-2023-2605
Summary of CVE-2023-2605 (WP Brutal AI WordPress plugin): The WP Brutal AI plugin (wpbrutalai) prior to version 2.0.1 is vulnerable to a reflected XSS due to not sanitising and escaping a user-supplied parameter before echoing it back in the page. The issue can affect an admin or other high-priv...
CVE-2023-2601
CVE-2023-2601 concerns the WordPress plugin WP Brutal AI prior to version 2.0.0, which is vulnerable to a SQL injection due to improper sanitisation/escaping of a parameter before it is used in an SQL statement. The vulnerability is exploitable by an administrator via CSRF, enabling potential una...
PT-2023-20450 · WordPress · Wpbrutalai
Name of the Vulnerable Software and Affected Versions: wpbrutalai WordPress plugin versions prior to 2.0.1 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in the page. Th...
PT-2023-20421 · WordPress · Wpbrutalai
Name of the Vulnerable Software and Affected Versions: wpbrutalai WordPress plugin versions prior to 2.0.0 Description: The issue is related to a SQL injection that can be exploited by an admin via CSRF. This occurs because a parameter is not properly sanitized and escaped before being used in a...