
CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Aug 2024 — Deserialization of Untrusted Data vulnerability in Roland Barker, xnau webdesign Participants Database allows Object Injection. This issue affects Participants Database: from n/a through 2.5.9.2. The Participants Database plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.5.9.2 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP ch... • https://patchstack.com/database/vulnerability/participants-database/wordpress-participants-database-plugin-2-5-9-2-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Nov 2023 — Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery. This issue affects Participants Database: from n/a through 2.5.5. • https://patchstack.com/database/vulnerability/participants-database/wordpress-participants-database-plugin-2-5-5-broken-access-control-vulnerability • CWE-352: Cross-Site Request Forgery (CSRF) • CWE-862: Missing Authorization •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 May 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin <= 2.4.9 versions. The Participants Database plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.9. This is due to missing or incorrect nonce validation on the _process_general function. This makes it po... • https://patchstack.com/database/vulnerability/participants-database/wordpress-participants-database-plugin-2-4-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Jan 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin <= 2.4.5 leads to list column update. The Participants Database plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.5. This is due to missing nonce validation on the process_request function. This makes it possible for unauthenticated attackers to modify participant lists via a forged request granted they can trick a site administrator into performi... • https://patchstack.com/database/vulnerability/participants-database/wordpress-participants-database-plugin-2-4-5-cross-site-request-forgery-csrf?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Feb 2020 — participants-database.php in the Participants Database plugin 1.9.5.5 and previous versions for WordPress has a time-based SQL injection vulnerability via the ascdesc, list_filter_count, or sortBy parameters. It is possible to exfiltrate data and potentially execute code (if certain conditions are met). • https://blog.impenetrable.tech/cve-2020-8596 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8 • EPSS: 0% • CPEs: 9 • EXPL: 5

02 Jun 2014 — SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" action to pdb-signup/. • https://www.exploit-db.com/exploits/33613 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •