CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49622 – WordPress Apa Banner Slider plugin <= 1.0.0 - CSRF to SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-49622
17 Oct 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Apa Apa Banner Slider allows SQL Injection.This issue affects Apa Banner Slider: from n/a through 1.0.0. The Apa Banner Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to inject malicious SQL used in a query via a forged request granted they can trick a site admini... • https://patchstack.com/database/vulnerability/apa-banner-slider/wordpress-apa-banner-slider-plugin-1-0-0-csrf-to-sql-injection-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •