CVE-2023-48751 – WordPress Participants Database Plugin <= 2.5.5 is vulnerable to Broken Access Control
https://notcve.org/view.php?id=CVE-2023-48751
27 Nov 2023 — Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery. This issue affects Participants Database: from n/a through 2.5.5. • https://patchstack.com/database/vulnerability/participants-database/wordpress-participants-database-plugin-2-5-5-broken-access-control-vulnerability • CWE-352: Cross-Site Request Forgery (CSRF), CWE-862: Missing Authorization
CVE-2023-31235 – WordPress Participants Database Plugin <= 2.4.9 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-31235
03 May 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin <= 2.4.9 versions. The Participants Database plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.9. This is due to missing or incorrect nonce validation on the _process_general function. This makes it po... • https://patchstack.com/database/vulnerability/participants-database/wordpress-participants-database-plugin-2-4-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2022-47612 – WordPress Participants Database Plugin <= 2.4.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-47612
20 Jan 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin <= 2.4.5 leads to list column update. The Participants Database plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.5. This is due to missing nonce validation on the process_request function. This makes it possible for unauthenticated attackers to modify participant lists via a forged request granted they can trick a site administrator into performi... • https://patchstack.com/database/vulnerability/participants-database/wordpress-participants-database-plugin-2-4-5-cross-site-request-forgery-csrf?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2020-8596 – Participants Database <= 1.9.5.5 - SQL Injection
https://notcve.org/view.php?id=CVE-2020-8596
10 Feb 2020 — participants-database.php in the Participants Database plugin 1.9.5.5 and previous versions for WordPress has a time-based SQL injection vulnerability via the ascdesc, list_filter_count, or sortBy parameters. It is possible to exfiltrate data and potentially execute code (if certain conditions are met). • https://blog.impenetrable.tech/cve-2020-8596 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-14126 – Participants Database <= 1.7.5.9 - Unauthorized Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-14126
04 Sep 2017 — The Participants Database plugin before 1.7.5.10 for WordPress has XSS. The Participants Database plugin for WordPress is vulnerable to Cross-Site Scripting via the 'Name' parameter in versions up to, and including, 1.7.5.9 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute ... • https://www.exploit-db.com/exploits/42618 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-3961 – Participants Database < 1.5.4.9 - SQL Injection
https://notcve.org/view.php?id=CVE-2014-3961
02 Jun 2014 — SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" action to pdb-signup/. • https://www.exploit-db.com/exploits/33613 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')