CVE-2023-41684 – WordPress SIS Handball Plugin <= 1.0.45 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-41684
04 Sep 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Felix Welberg SIS Handball plugin <= 1.0.45 versions. The SIS Handball plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.45. This is due to missing nonce validation on the page_options() function. This makes it possible for unauthenticated attackers to update the plugin's settings vi... • https://patchstack.com/database/vulnerability/sis-handball/wordpress-sis-handball-plugin-1-0-45-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-33924 – WordPress SIS Handball Plugin <= 1.0.45 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-33924
23 May 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Felix Welberg SIS Handball allows SQL Injection. This issue affects SIS Handball: from n/a through 1.0.45. The SIS Handball plugin for WordPress is vulnerable to time-based SQ... • https://patchstack.com/database/vulnerability/sis-handball/wordpress-sis-handball-plugin-1-0-45-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •