2 results (0.004 seconds)

CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-51672 – WordPress BetterLinks plugin <= 2.1.7 - SQL Injection vulnerability

https://notcve.org/view.php?id=CVE-2024-51672

01 Nov 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPDeveloper BetterLinks allows SQL Injection.This issue affects BetterLinks: from n/a through 2.1.7. The BetterLinks plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level ac... • https://patchstack.com/database/vulnerability/betterlinks/wordpress-betterlinks-plugin-2-1-7-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-45104 – WordPress BetterLinks plugin <= 1.6.0 - Broken Access Control vulnerability

https://notcve.org/view.php?id=CVE-2023-45104

18 Oct 2023 — Missing Authorization vulnerability in WPDeveloper BetterLinks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BetterLinks: from n/a through 1.6.0. The BetterLinks plugin for WordPress is vulnerable to unauthorized access and modification due to insufficient capability checks on the import_data and export_data functions in versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to import and export plugin data. • https://patchstack.com/database/wordpress/plugin/betterlinks/vulnerability/wordpress-betterlinks-plugin-1-6-0-broken-access-control-vulnerability?_s_id=cve • CWE-285: Improper Authorization CWE-862: Missing Authorization •