Lucene search
K
WpvulndbMost viewed

14603 matches found

WPVulnDB
WPVulnDB
•added 2024/02/26 12:0 a.m.•21 views

Restrict User Access – Ultimate Membership & Content Protection < 2.6 - Information Exposure

Description The Restrict User Access – Ultimate Membership & Content Protection plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via API. This makes it possible for unauthenticated attackers to obtain the contents of posts and pages via API...

5.3CVSS6.5AI score0.00546EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2024/02/26 12:0 a.m.•21 views

Comments Extra Fields For Post,Pages and CPT < 5.1 - Missing Authorization

Description The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.0. This is due to missing or incorrect capability checks on several ajax actions. This makes it possible for authenticated attackers, wi...

4.3CVSS6.7AI score0.00533EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2024/02/26 12:0 a.m.•21 views

Categorify < 1.0.7.5 - Missing Authorization in categorifyAjaxAddCategory

Description The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxAddCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level...

4.3CVSS6.3AI score0.00578EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2024/02/26 12:0 a.m.•21 views

Gestpay for WooCommerce < 20240307 - Cross-Site Request Forgery (CSRF) via ajax_set_default_card

Description The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajaxsetdefaultcard' function. This makes it possible for unauthenticated attackers ...

4.3CVSS4.6AI score0.00295EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2024/02/23 12:0 a.m.•21 views

Brizy – Page Builder < 2.4.41 - Authenticated (Contributor+) Arbitrary File Upload

Description The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the storeImages function in all versions up to, and including, 2.4.40. This makes it possible for authenticated attackers, with contributor access or above, to...

8.8CVSS8AI score0.01497EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2024/02/23 12:0 a.m.•21 views

Brizy – Page Builder < 2.4.41 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Brizy – Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via block upload in all versions up to, and including, 2.4.40 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.4CVSS6.5AI score0.00516EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2024/02/20 12:0 a.m.•21 views

Tutor LMS < 2.6.1 - Missing Authorization

Description The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of restricted Q content due to a missing capability check when interacting with questions in all versions up to, and including, 2.6.0. This makes it possible for authenticate...

4.3CVSS6.2AI score0.00375EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2024/02/20 12:0 a.m.•21 views

Enjoy Social Feed <= 6.2.2 - Subscriber+ Plugin Database Reset

Description The plugin does not have authorisation when resetting its database, allowing any authenticated users, such as subscriber to perform such action PoC Log in as a subscriber, access the Diagnostic tab of the plugin /wp-admin/admin.php?page=enjoyinstagrampluginoptions=diagnostic and click...

6.3AI score0.0077EPSS
Exploits2
WPVulnDB
WPVulnDB
•added 2024/02/19 12:0 a.m.•21 views

Link Library < 7.6.1 - Unauthenticated Stored Cross-Site Scripting

Description The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'llreciprocal' parameter in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.5CVSS6AI score0.00415EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2024/02/17 12:0 a.m.•21 views

404 Solution < 2.35.8 - Admin+ SQL Injection

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admins. PoC 1. navigate to logs "https://example.com/wp-admin/options-general.php?page=abj404solution=abj404logs"...

7.2CVSS7.1AI score0.00756EPSS
Exploits2
WPVulnDB
WPVulnDB
•added 2024/02/14 12:0 a.m.•21 views

PJ News Ticker <= 6.8.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode

Description The PJ News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 6.8.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

6.5CVSS5.9AI score0.0031EPSS
Exploits0References1
WPVulnDB
WPVulnDB
•added 2024/02/14 12:0 a.m.•21 views

Malware Scanner < 4.7.3 - Admin+ SQLi

Description The plugin is vulnerable to SQL Injection via an unknown parameter due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator access and above, to appe...

7.6CVSS7.8AI score0.00541EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2024/02/12 12:0 a.m.•21 views

Insert PHP Code Snippet < 1.3.5 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.4AI score0.00337EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2024/02/12 12:0 a.m.•21 views

Brooklyn <= 4.9.7.6 - PHP Object Injection

Description The brooklyn theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.9.7.6 via deserialization of untrusted input from an unknown parameter. This makes it possible for authenticated attackers, with subscriber access and above, to inject a PHP...

8.8CVSS7.4AI score0.01089EPSS
Exploits0References1
WPVulnDB
WPVulnDB
•added 2024/02/09 12:0 a.m.•21 views

Royal Elementor Kit < 1.0.117 - Missing Authorization to Arbitrary Transient Update

Description The Royal Elementor Kit theme for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the dismissedhandler function in all versions up to, and including, 1.0.116. This makes it possible for authenticated attackers, with subscriber...

4CVSS6.6AI score0.00533EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2024/02/09 12:0 a.m.•21 views

RSS Aggregator by Feedzy < 4.4.3 - Missing Authorization to Arbitrary Page Creation and Publication

Description The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'feedzywizardstepprocess' and 'importstatus' functions in all versions up t...

6.5CVSS6.3AI score0.00518EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2024/02/09 12:0 a.m.•21 views

Blocksy < 2.0.20 - Authenticated (Editor+) Stored Cross-Site Scripting

Description The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via headers/footers in all versions up to, and including, 2.0.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access, to...

4.9CVSS5.8AI score0.0032EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2024/02/08 12:0 a.m.•21 views

Event Tickets and Registration < 5.8.1 - Contributor+ Arbitrary Events Access

Description The plugin does not prevent users with at least the contributor role from leaking the existence of certain events they shouldn't have access to. e.g. draft, private, pending review, pw-protected, and trashed events. PoC 1. ADMIN: Install Event Tickets 2. ADMIN: Install Event Tickets...

6.3AI score0.00604EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2024/02/06 12:0 a.m.•21 views

All-In-One Security (AIOS) – Security and Firewall < 5.2.6 - Reflected Cross-Site Scripting

Description The All-In-One Security AIOS – Security and Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for...

5.8CVSS6.3AI score0.00555EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2024/02/05 12:0 a.m.•21 views

WP Visitor Statistics (Real Time Traffic) < 6.9.5 - Sensitive Information Exposure via Log File

Description The WP Visitor Statistics Real Time Traffic plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.9.4. This makes it possible for unauthenticated attackers to extract sensitive data from log files...

5CVSS6.9AI score0.00453EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2024/02/02 12:0 a.m.•21 views

Don't Muck My Markup <= 1.8 - Cross-Site Request Forgery

Description The Don't Muck My Markup plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform unauthorize...

4.3CVSS6.4AI score0.00241EPSS
Exploits0References1
WPVulnDB
WPVulnDB
•added 2024/01/26 12:0 a.m.•21 views

InstaWP Connect < 0.1.0.10 - Authenticated (Subscriber+) SQL Injection

Description The InstaWP Connect plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 0.1.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attacker...

6.5CVSS7.1AI score0.00621EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2024/01/26 12:0 a.m.•21 views

Backuply – Backup, Restore, Migrate and Clone < 1.2.4 - Admin+ Directory Traversal

Description The plugin is vulnerable to Directory Traversal via the nodeid parameter in the backuplygetjstree function. This makes it possible for attackers with administrator privileges or higher to read the contents of arbitrary files on the server, which can contain sensitive information...

3.3CVSS6.6AI score0.00764EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2024/01/26 12:0 a.m.•21 views

WP RSS Aggregator < 4.23.5 - Admin+ Stored XSS

Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.3CVSS5.7AI score0.00381EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2024/01/24 12:0 a.m.•21 views

WordPress Button Plugin MaxButtons < 9.7.7 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

4.9CVSS5.8AI score0.00399EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2024/01/20 12:0 a.m.•21 views

Product Import Export for WooCommerce < 2.3.8 - Shop Manager+ Arbitrary File Upload via upload_import_file

Description The plugin is vulnerable to arbitrary file uploads due to missing file type validation in the 'uploadimportfile' function n all versions up to, and including, 2.3.7. This makes it possible for authenticated attackers, with Shop Manager access and above, to upload arbitrary files on th...

8CVSS7.6AI score0.00525EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2024/01/20 12:0 a.m.•21 views

Advanced Custom Fields < 6.2.5 - Contributor+ Stored Cross-Site Scripting via Custom Field

Description The plugin is vulnerable to Stored Cross-Site Scripting via a custom text field in all versions up to, and including, 6.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to injec...

6.4CVSS5.6AI score0.00523EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2024/01/20 12:0 a.m.•21 views

WP Recipe Maker < 9.1.1 - Reflected Cross-Site Scripting via Referer

Description The plugin is vulnerable to Reflected Cross-Site Scripting via the ‘Referer' header in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...

6.1CVSS6.3AI score0.00679EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2024/01/18 12:0 a.m.•21 views

Unlimited Addons for WPBakery Page Builder <= 1.0.42 - Authenticated (Editor+) Arbitrary File Upload

Description The Unlimited Addons for WPBakery Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'importZipFile' function in versions up to, and including, 1.0.42. This makes it possible for authenticated attackers with a role...

7.2CVSS7.9AI score0.01496EPSS
Exploits0References1
WPVulnDB
WPVulnDB
•added 2024/01/18 12:0 a.m.•21 views

InstaWP Connect < 0.1.0.9 - Missing Authorization to Arbitrary Options Update

Description The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savemanagementsettings function in all versions up to, and including, 0.1.0.8. This makes it possible for authenticated...

6.1AI score0.01112EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
•added 2024/01/12 12:0 a.m.•21 views

ARMember < 4.0.23 - Cross-Site Request Forgery

Description The ARMember plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.22. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to inject PHP objects via a forged...

9.8CVSS6.6AI score0.0027EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2024/01/12 12:0 a.m.•21 views

WP Job Manager < 2.1.0 - Cross-Site Request Forgery

Description The WP Job Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.0. This is due to missing or incorrect nonce validation on the settingssave function. This makes it possible for unauthenticated attackers to save settings via a...

6.6AI score0.00109EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2024/01/12 12:0 a.m.•21 views

Booster Plus for WooCommerce < 7.1.2 - Missing Authorization to Arbitrary Page/Post Deletion

Description The Booster Plus for WooCommerce plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on an unknown function in all versions up to 7.1.2 exclusive. This makes it possible for authenticated attackers, with subscriber-level access and above, ...

6.3AI score0.00339EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2024/01/12 12:0 a.m.•21 views

CPT Bootstrap Carousel <= 1.12 - Reflected Cross-Site Scripting

Description The CPT Bootstrap Carousel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

7.1CVSS6.3AI score0.0033EPSS
Exploits0References1
WPVulnDB
WPVulnDB
•added 2024/01/08 12:0 a.m.•21 views

PageLayer < 1.8.0 - Author+ Stored XSS

Description The plugin doesn't prevent attackers with administrator privileges from inserting malicious JavaScript inside a post's header or footer code, even when unfilteredhtml is disallowed, such as in multi-site WordPress configurations. PoC - As a user with Author+ capabilities, create a new...

4.8CVSS6.6AI score0.00377EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2024/01/05 12:0 a.m.•21 views

Uncode Core < 2.8.9 - Authenticated (Subscriber+) Arbitrary File Deletion

Description The uncode-core plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 2.8.8. This makes it possible for authenticated attackers with subscriber level access or higher to delete arbitrary files on the site...

7.7CVSS6.9AI score0.00472EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2024/01/05 12:0 a.m.•21 views

Webba Booking < 5.0 - Cross-Site Request Forgery

Description The Appointment & Event Booking Calendar Plugin – Webba Booking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.33. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for...

8.8CVSS6.7AI score0.00222EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2024/01/05 12:0 a.m.•21 views

Thrive Automator < 1.17.1 - Cross-Site Request Forgery

Description The Thrive Automator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.17. This is due to missing or incorrect nonce validation on the factoryreset function. This makes it possible for unauthenticated attackers to reset plugin setting...

8.8CVSS6.6AI score0.00234EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2024/01/05 12:0 a.m.•21 views

WP Adminify < 3.1.7 - Authenticated(Administrator+) SQL Injection

Description The WP Adminify plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to 3.1.7 exclusive due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.6CVSS7.5AI score0.00541EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2024/01/05 12:0 a.m.•21 views

Zoho Forms < 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Zoho Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including 3.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.5CVSS5.9AI score0.01076EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2024/01/05 12:0 a.m.•21 views

Simply Schedule Appointments < 1.6.6.1 - Authenticated(Administrator+) SQL Injection

Description The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to 1.6.6.1 exclusive due to insufficient escaping on the user supplied parameter and lack of sufficient...

7.6CVSS7.5AI score0.00534EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2024/01/05 12:0 a.m.•21 views

BookingPress < 1.0.73 - Authenticated (Contributor+) SQL Injection

Description The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to, and including, 1.0.72 due to insufficient escaping on the user supplied parameter and lack of...

8.8CVSS7.5AI score0.00537EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2024/01/04 12:0 a.m.•21 views

WooCommerce Ship to Multiple Addresses < 3.8.10 - Missing Authorization

Description The WooCommerce Ship to Multiple Addresses plugin for WordPress is vulnerable to unauthorized action due to a missing capability check on a function in versions up to, and including, 3.8.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

6.4AI score0.00314EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2024/01/04 12:0 a.m.•21 views

HT Mega < 2.3.9 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape the regbio parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.2AI score0.00351EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2024/01/04 12:0 a.m.•21 views

WooCommerce Shipping Per Product < 2.5.5 - Missing Authorization

Description The WooCommerce Shipping Per Product plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.5.4. This makes it possible for authenticated attackers, with customer-level access and above, to perform ...

4.3CVSS6.7AI score0.00394EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2024/01/03 12:0 a.m.•21 views

Verge3D < 4.5.3 - Subscriber+ Arbitrary File Upload

Description The plugin is vulnerable to arbitrary file uploads due to missing file type validation in the 'v3duploadappfile' function, allowing any authenticated attackers, with subscriber access and above, to upload arbitrary files on the affected site's server which may make remote code executi...

9.9CVSS9.4AI score0.00594EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2024/01/03 12:0 a.m.•21 views

Essential Blocks for Gutenberg < 4.2.1 - Subscriber+ Unauthorised Actions

Description The plugin does not have proper authorisation checks in various functions, allowing any authenticated users, such as subscribers to perform unauthorized actions...

6.3AI score0.00573EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2024/01/03 12:0 a.m.•21 views

PageLayer < 1.7.9 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the 'pagelayerheadercode', 'pagelayerbodyopencode', and 'pagelayerfootercode' meta fields due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

5.4CVSS5.8AI score0.00427EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2024/01/01 12:0 a.m.•21 views

Solid Security Basic < 9.0.1 - Unauthenticated Login Page Disclosure

Description The plugin is vulnerable to protection mechanism bypass due to disclosing the login path when comments are enabled and registration is required. This makes it possible for unauthenticated attackers to discover the login page path and bypass the intended functionality of the security...

7.2AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/12/29 12:0 a.m.•21 views

Mail logging - WP Mail Catcher < 2.1.4 - Admin+ SQLi

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

7.6CVSS7.7AI score0.00534EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities5000