CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25902 – WordPress Malware Scanner Plugin <= 4.7.2 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2024-25902
12 Feb 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in miniorange Malware Scanner.This issue affects Malware Scanner: from n/a through 4.7.2. The Malware Scanner plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to, and including, 4.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with adm... • https://patchstack.com/database/vulnerability/miniorange-malware-protection/wordpress-malware-scanner-plugin-4-7-2-admin-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52176 – WordPress Malware Scanner plugin <= 4.7.1 - IP Restriction Bypass vulnerability
https://notcve.org/view.php?id=CVE-2023-52176
29 Dec 2023 — Authentication Bypass by Spoofing vulnerability in miniorange Malware Scanner allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Malware Scanner: from n/a through 4.7.1. La vulnerabilidad de omisión de autenticación mediante suplantación de identidad en miniorange Malware Scanner permite acceder a funciones que no están correctamente restringidas por las ACL. Este problema afecta a Malware Scanner: desde n/a hasta 4.7.1. The Malware Scanner plugin for WordPress is vulnerable ... • https://patchstack.com/database/vulnerability/miniorange-malware-protection/wordpress-malware-scanner-plugin-4-7-1-ip-restriction-bypass-vulnerability?_s_id=cve • CWE-290: Authentication Bypass by Spoofing CWE-693: Protection Mechanism Failure •