CVE-2024-3265

MEDIUM Year: 2024
CVSS v3 Score
4.7
Medium
Weakness Type
CWE-89
View all →

Vulnerability Description

The Advanced Search WordPress plugin through 1.1.6 does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configurations.

Related Vulnerabilities

CVE-2019-4147

MEDIUM
CVSS:4.7(Medium)

IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or ...

CWE-892019

CVE-2023-0531

MEDIUM
CVSS:4.7(Medium)

A vulnerability classified as critical has been found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file admin/booking_report.php. The manipula...

CWE-892023

CVE-2023-0532

MEDIUM
CVSS:4.7(Medium)

A vulnerability classified as critical was found in SourceCodester Online Tours & Travels Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/disapprove...

CWE-892023

CVE-2023-0533

MEDIUM
CVSS:4.7(Medium)

A vulnerability, which was classified as critical, has been found in SourceCodester Online Tours & Travels Management System 1.0. Affected by this issue is some unknown functionality of the file admin...

CWE-892023

CVE-2023-0534

MEDIUM
CVSS:4.7(Medium)

A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects an unknown part of the file admin/expense_report.php. The mani...

CWE-892023

CVE-2024-13608

MEDIUM
CVSS:4.7(Medium)

The Track Logins WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks

CWE-892024