CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

13 Jan 2023 — The SiteGround Security WordPress plugin before 1.3.1 does not properly sanitize user input before using it in an SQL query, leading to an authenticated SQL injection issue. The SiteGround Security plugin for WordPress is vulnerable to blind SQL Injection via some of its filtering and paging parameters in versions up to, and including, 1.3.0 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for administrator-level... • https://github.com/namah-age/CVEs/blob/master/1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

07 Apr 2022 — The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on the 2FA back-up code implementation that logs users in upon success. This affects versions up to, and including, 1.2.5. • https://packetstorm.news/files/id/166642 • CWE-285: Improper Authorization • CWE-306: Missing Authentication for Critical Function