CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

11 Sep 2023 — The WP Sessions Time Monitoring Full Automatic WordPress plugin before 1.0.9 does not sanitize the request URL or query parameters before using them in an SQL query, allowing unauthenticated attackers to extract sensitive data from the database via blind time-based SQL injection techniques, or in some cases an error/union-based technique. • https://wpscan.com/vulnerability/7f4f505b-2667-4e0f-9841-9c1cd0831932 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.5 • EPSS: 0% • CPEs: 425 • EXPL: 0

04 Mar 2022 — The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and _set_db_option functions in versions up to and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. • https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=cve • CWE-862: Missing Authorization