CVE-2013-10013 – Bricco Authenticator Plugin DBAuthenticator.java compare sql injection
https://notcve.org/view.php?id=CVE-2013-10013
A vulnerability classified as critical was found in Bricco Authenticator Plugin. It affects the function authenticate/compare of the file src/java/talentum/escenic/plugins/authenticator/authenticators/DBAuthenticator.java. The manipulation leads to SQL injection. Upgrading to version 1.39 addresses this issue.
• https://github.com/Bricco/authenticator-plugin/commit/a5456633ff75e8f13705974c7ed1ce77f3f142d5
• https://github.com/Bricco/authenticator-plugin/releases/tag/1.39
• https://vuldb.com/?ctiid.218428
• https://vuldb.com/?id.218428
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-3994 – Authenticator < 1.3.1 - Subscriber+ Denial of Service via Feed Token Disclosure
https://notcve.org/view.php?id=CVE-2022-3994
The Authenticator WordPress plugin before 1.3.1 does not prevent subscribers from updating a site's feed access token, which may deny other users access to the functionality in certain configurations. The Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the regenerate_token function in versions up to, and including, 1.3.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to generate tokens.
• https://wpscan.com/vulnerability/802a2139-ab48-4281-888f-225e6e3134aa
• CWE-862: Missing Authorization