2 matches found
CVE-2023-2601
CVE-2023-2601 concerns the WordPress plugin WP Brutal AI prior to version 2.0.0, which is vulnerable to a SQL injection due to improper sanitisation/escaping of a parameter before it is used in an SQL statement. The vulnerability is exploitable by an administrator via CSRF, enabling potential una...
CVE-2023-2605
Summary of CVE-2023-2605 (WP Brutal AI WordPress plugin) : The WP Brutal AI plugin (wpbrutalai) prior to version 2.0.1 is vulnerable to a reflected XSS due to not sanitising and escaping a user-supplied parameter before echoing it back in the page. The issue can affect an admin or other high-priv...