CVE-2023-5431 – Left right image slideshow gallery <= 12.0 - Authenticated (Subscriber+) SQL Injection via Shortcode
https://notcve.org/view.php?id=CVE-2023-5431
30 Oct 2023 — The Left right image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://plugins.trac.wordpress.org/browser/left-right-image-slideshow-gallery/trunk/left-right-image-slideshow-gallery.php?rev=2827127#L211 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-5433 – Message ticker <= 9.2 - Authenticated (Subscriber+) SQL Injection via Shortcode
https://notcve.org/view.php?id=CVE-2023-5433
30 Oct 2023 — The Message ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://plugins.trac.wordpress.org/browser/message-ticker/trunk/message-ticker.php?rev=2827131#L142 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-5434 – Superb slideshow gallery <= 13.1 - Authenticated (Subscriber+) SQL Injection via Shortcode
https://notcve.org/view.php?id=CVE-2023-5434
30 Oct 2023 — The Superb slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://plugins.trac.wordpress.org/browser/superb-slideshow-gallery/trunk/superb-slideshow-gallery.php?rev=2827170#L127 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-5435 – Up down image slideshow gallery <= 12.0 - Authenticated (Subscriber+) SQL Injection via Shortcode
https://notcve.org/view.php?id=CVE-2023-5435
30 Oct 2023 — The Up down image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://plugins.trac.wordpress.org/browser/up-down-image-slideshow-gallery/trunk/up-down-image-slideshow-gallery.php?rev=2827173#L208 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-5436 – Vertical marquee plugin <= 7.1 - Authenticated (Subscriber+) SQL Injection via Shortcode
https://notcve.org/view.php?id=CVE-2023-5436
30 Oct 2023 — The Vertical marquee plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://plugins.trac.wordpress.org/browser/vertical-marquee-plugin/trunk/vertical-marquee-plugin.php?rev=2827080#L170 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-5437 – WP fade in text news <= 12.0 - Authenticated (Subscriber+) SQL Injection via Shortcode
https://notcve.org/view.php?id=CVE-2023-5437
30 Oct 2023 — The WP fade in text news plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://plugins.trac.wordpress.org/browser/wp-fade-in-text-news/trunk/wp-fade-in-text-news.php?rev=2827202#L236 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-5438 – wp image slideshow <= 12.0 - Authenticated (Subscriber+) SQL Injection via Shortcode
https://notcve.org/view.php?id=CVE-2023-5438
30 Oct 2023 — The wp image slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://plugins.trac.wordpress.org/browser/wp-image-slideshow/trunk/wp-image-slideshow.php?rev=2827205#L189 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-5439 – Wp photo text slider 50 <= 8.0 - Authenticated (Subscriber+) SQL Injection via Shortcode
https://notcve.org/view.php?id=CVE-2023-5439
30 Oct 2023 — The Wp photo text slider 50 plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://plugins.trac.wordpress.org/browser/wp-photo-text-slider-50/trunk/wp-photo-text-slider-50.php?rev=2827206#L196 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-5464 – Jquery accordion slideshow <= 8.1 - Authenticated (Subscriber+) SQL Injection via Shortcode
https://notcve.org/view.php?id=CVE-2023-5464
30 Oct 2023 — The Jquery accordion slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://plugins.trac.wordpress.org/browser/jquery-accordion-slideshow/trunk/jquery-accordion-slideshow.php?rev=2827053#L177 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-5465 – Popup with fancybox <= 3.5 - Authenticated (Subscriber+) SQL Injection via Shortcode
https://notcve.org/view.php?id=CVE-2023-5465
30 Oct 2023 — The Popup with fancybox plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://plugins.trac.wordpress.org/browser/popup-with-fancybox/trunk/popup-with-fancybox.php?rev=2827070#L110 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')