» CVE

CVE-2023-5437

Posted on 2023년 10월 31일2023년 10월 31일 by admin

CVE-2023-5437

The WP fade in text news plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Source: CVE-2023-5437

CVE-2023-5464

Posted on 2023년 10월 31일2023년 10월 31일 by admin

CVE-2023-5464

The Jquery accordion slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Source: CVE-2023-5464

CVE-2023-5436

Posted on 2023년 10월 31일2023년 10월 31일 by admin

CVE-2023-5436

The Vertical marquee plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Source: CVE-2023-5436

CVE-2023-5438

Posted on 2023년 10월 31일2023년 10월 31일 by admin

CVE-2023-5438

The wp image slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Source: CVE-2023-5438

CVE-2023-5433

Posted on 2023년 10월 31일2023년 10월 31일 by admin

CVE-2023-5433

The Message ticker plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Source: CVE-2023-5433

CVE-2023-5412

Posted on 2023년 10월 31일2023년 10월 31일 by admin

CVE-2023-5412

The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 13.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Source: CVE-2023-5412

CVE-2023-5434

Posted on 2023년 10월 31일2023년 10월 31일 by admin

CVE-2023-5434

The Superb slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 13.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Source: CVE-2023-5434

CVE-2023-5435

Posted on 2023년 10월 31일2023년 10월 31일 by admin

CVE-2023-5435

The Up down image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Source: CVE-2023-5435

CVE-2023-5428

Posted on 2023년 10월 31일2023년 10월 31일 by admin

CVE-2023-5428

The Image vertical reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 9.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Source: CVE-2023-5428

CVE-2023-5430

Posted on 2023년 10월 31일2023년 10월 31일 by admin

CVE-2023-5430

The Jquery news ticker plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Source: CVE-2023-5430