» 2023 » 10월

CVE-2023-5437

Posted on 2023년 10월 31일2023년 10월 31일 by admin

CVE-2023-5437

The WP fade in text news plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Source: CVE-2023-5437

CVE-2023-5873

Posted on 2023년 10월 31일2023년 10월 31일 by admin

CVE-2023-5873

Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 11.1.0.

Source: CVE-2023-5873

CVE-2023-5439

Posted on 2023년 10월 31일2023년 10월 31일 by admin

CVE-2023-5439

The Wp photo text slider 50 plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Source: CVE-2023-5439

CVE-2023-5431

Posted on 2023년 10월 31일2023년 10월 31일 by admin

CVE-2023-5431

The Left right image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Source: CVE-2023-5431

CVE-2023-5429

Posted on 2023년 10월 31일2023년 10월 31일 by admin

CVE-2023-5429

The Information Reel plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Source: CVE-2023-5429

CVE-2023-5430

Posted on 2023년 10월 31일2023년 10월 31일 by admin

CVE-2023-5430

The Jquery news ticker plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Source: CVE-2023-5430

CVE-2023-5428

Posted on 2023년 10월 31일2023년 10월 31일 by admin

CVE-2023-5428

The Image vertical reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 9.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Source: CVE-2023-5428

CVE-2023-5435

Posted on 2023년 10월 31일2023년 10월 31일 by admin

CVE-2023-5435

The Up down image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Source: CVE-2023-5435

CVE-2023-5434

Posted on 2023년 10월 31일2023년 10월 31일 by admin

CVE-2023-5434

The Superb slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 13.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Source: CVE-2023-5434

CVE-2023-5412

Posted on 2023년 10월 31일2023년 10월 31일 by admin

CVE-2023-5412

The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 13.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Source: CVE-2023-5412