2 results (0.003 seconds)

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-49778 – WordPress Sayfa Sayaç Plugin <= 2.6 is vulnerable to PHP Object Injection

https://notcve.org/view.php?id=CVE-2023-49778

05 Dec 2023 — Deserialization of Untrusted Data vulnerability in Hakan Demiray Sayfa Sayac.This issue affects Sayfa Sayac: from n/a through 2.6. Vulnerabilidad de deserialización de datos no confiables en Hakan Demiray Sayfa Sayac. Este problema afecta a Sayfa Sayac: desde n/a hasta 2.6. The Sayfa Sayac plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. • https://patchstack.com/database/vulnerability/sayfa-sayac/wordpress-sayfa-sayac-plugin-2-6-unauthenticated-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-49776 – WordPress Sayfa Sayaç Plugin <= 2.6 is vulnerable to SQL Injection

https://notcve.org/view.php?id=CVE-2023-49776

05 Dec 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hakan Demiray Sayfa Sayac.This issue affects Sayfa Sayac: from n/a through 2.6. La neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyección SQL') en Hakan Demiray Sayfa Sayac. Este problema afecta a Sayfa Sayac: desde n/a hasta 2.6. The Sayfa Sayaç plugin for WordPress is vulnerable to SQL Injection via the in versions up to, and including, 2.6 due to ins... • https://patchstack.com/database/vulnerability/sayfa-sayac/wordpress-sayfa-sayac-plugin-2-6-unauthenticated-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •