2 matches found
CVE-2023-5430
CVE-2023-5430 : The WordPress plugin “Jquery news ticker” is vulnerable to SQL Injection via the shortcode in versions up to and including 3.0. The issue stems from insufficient escaping of user-supplied input and lack of proper preparation in the SQL query, enabling authenticated attackers with ...
CVE-2023-5432
The CVE-2023-5432 entry concerns the WordPress plugin Jquery news ticker. Affected software: the Jquery news ticker plugin for WordPress (versions up to and including 3.1). Vulnerability: Stored Cross-Site Scripting via the jquery-news-ticker shortcode resulting from insufficient input sanitizati...