CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8621 – Daily Prayer Time <= 2024.08.26 - Authenticated (Contributor+) SQL Injection
https://notcve.org/view.php?id=CVE-2024-8621
24 Sep 2024 — The Daily Prayer Time plugin for WordPress is vulnerable to SQL Injection via the 'max_word' attribute of the 'quran_verse' shortcode in all versions up to, and including, 2024.08.26 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information f... • https://plugins.trac.wordpress.org/browser/daily-prayer-time-for-mosques/tags/2024.08.26/Models/QuranADay/QuranDB.php#L72 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47817 – WordPress Daily Prayer Time Plugin <= 2023.10.13 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-47817
15 Nov 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mmrs151 Daily Prayer Time plugin <= 2023.10.13 versions. Vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en el complemento mmrs151 Daily Prayer Time en versiones <= 2023.10.13. The Daily Prayer Time plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 20... • https://patchstack.com/database/vulnerability/daily-prayer-time-for-mosques/wordpress-daily-prayer-time-plugin-2023-10-13-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27631 – WordPress Daily Prayer Time Plugin <= 2023.05.04 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-27631
08 Mar 2023 — Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in mmrs151 Daily Prayer Time plugin <= 2023.05.04 versions. The Daily Prayer Time plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2023.03.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected p... • https://patchstack.com/database/vulnerability/daily-prayer-time-for-mosques/wordpress-daily-prayer-time-plugin-2023-02-21-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27632 – WordPress Daily Prayer Time Plugin <= 2023.03.08 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-27632
08 Mar 2023 — Cross-Site Request Forgery (CSRF) vulnerability in mmrs151 Daily Prayer Time plugin <= 2023.03.08 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento mmrs151 Daily Prayer Time en versiones <= 2023.03.08. The Daily Prayer Time plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2023.03.08. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform unauthorized actions such ... • https://patchstack.com/database/vulnerability/daily-prayer-time-for-mosques/wordpress-daily-prayer-time-plugin-2023-02-21-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 5%CPEs: 1EXPL: 1CVE-2022-0785 – Daily Prayer Time < 2022.03.01 - Unauthenticated SQLi
https://notcve.org/view.php?id=CVE-2022-0785
13 Apr 2022 — The Daily Prayer Time WordPress plugin before 2022.03.01 does not sanitise and escape the month parameter before using it in a SQL statement via the get_monthly_timetable AJAX action (available to unauthenticated users), leading to an unauthenticated SQL injection El plugin Daily Prayer Time de WordPress versiones anteriores a 2022.03.01, no sanea y escapa del parámetro month antes de usarlo en una sentencia SQL por medio de la acción AJAX get_monthly_timetable (disponible para usuarios no autenticados), co... • https://wpscan.com/vulnerability/e1e09f56-89a4-4d6f-907b-3fb2cb825255 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24523 – Daily Prayer Time < 2021.08.10 - Authenticated Stored XSS
https://notcve.org/view.php?id=CVE-2021-24523
10 Aug 2021 — The Daily Prayer Time WordPress plugin before 2021.08.10 does not sanitise or escape some of its settings before outputting them in the page, leading to Authenticated Stored Cross-Site Scripting issues. El plugin Daily Prayer Time de WordPress versiones anteriores a 2021.08.10, no sanea o escapa de algunos de sus parámetros antes de mostrarlos en la página, conllevando a problemas de tipo Cross-Site Scripting Autenticado • https://wpscan.com/vulnerability/832fe086-1d33-430b-bdb5-e444761576b2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •