» 2023 » 2월

CVE-2023-24652

Posted on 2023년 2월 28일2023년 2월 28일 by admin

CVE-2023-24652

Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the Description parameter under the Create ticket function.

Source: CVE-2023-24652

CVE-2023-24364

Posted on 2023년 2월 28일2023년 2월 28일 by admin

CVE-2023-24364

Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter under the Admin Panel.

Source: CVE-2023-24364

CVE-2023-24654

Posted on 2023년 2월 28일2023년 2월 28일 by admin

CVE-2023-24654

Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter under the Request a Quote function.

Source: CVE-2023-24654

CVE-2023-24653

Posted on 2023년 2월 28일2023년 2월 28일 by admin

CVE-2023-24653

Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the oldpass parameter under the Change Password function.

Source: CVE-2023-24653

CVE-2023-0543

Posted on 2023년 2월 28일2023년 2월 28일 by admin

CVE-2023-0543

The Arigato Autoresponder and Newsletter WordPress plugin before 2.1.7.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Source: CVE-2023-0543

CVE-2023-0535

Posted on 2023년 2월 28일2023년 2월 28일 by admin

CVE-2023-0535

The Donation Block For PayPal WordPress plugin before 2.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Source: CVE-2023-0535

CVE-2023-0539

Posted on 2023년 2월 28일2023년 2월 28일 by admin

CVE-2023-0539

The GS Insever Portfolio WordPress plugin before 1.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Source: CVE-2023-0539

CVE-2023-0381

Posted on 2023년 2월 28일2023년 2월 28일 by admin

CVE-2023-0381

The GigPress WordPress plugin through 2.3.28 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks

Source: CVE-2023-0381

CVE-2023-0487

Posted on 2023년 2월 28일2023년 2월 28일 by admin

CVE-2023-0487

The My Sticky Elements WordPress plugin before 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement when deleting messages, leading to a SQL injection exploitable by high privilege users such as admin

Source: CVE-2023-0487

CVE-2023-0334

Posted on 2023년 2월 28일2023년 2월 28일 by admin

CVE-2023-0334

The ShortPixel Adaptive Images WordPress plugin before 3.6.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against any high privilege users such as admin

Source: CVE-2023-0334