CVE-2023-45657 – WordPress Nexter Theme <= 2.0.3 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-45657
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSIMYTH Nexter allows SQL Injection.This issue affects Nexter: from n/a through 2.0.3. La neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyección SQL') en POSIMYTH Nexter permite la inyección SQL. Este problema afecta a Nexter: desde n/a hasta 2.0.3. The Nexter theme for WordPress is vulnerable to SQL Injection via the 'to' and 'from' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameter and lack of valid preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://github.com/RandomRobbieBF/CVE-2023-45657 https://patchstack.com/database/vulnerability/nexter/wordpress-nexter-theme-2-0-3-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-45658 – WordPress Nexter theme <= 2.0.3 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-45658
Missing Authorization vulnerability in POSIMYTH Nexter.This issue affects Nexter: from n/a through 2.0.3. Vulnerabilidad de autorización faltante en POSIMYTH Nexter. Este problema afecta a Nexter: desde n/a hasta 2.0.3. The Nexter theme for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions such as nexter_extra_ext_active_ajax, nexter_extra_ext_deactivate_ajax, nexter_ext_wp_replace_url_settings_ajax, nexter_ext_wp_duplicate_post_settings_ajax, nexter_ext_save_data_ajax, and more in versions up to, and including, 2.0.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to duplicate posts, modify settings, and more. • https://patchstack.com/database/vulnerability/nexter/wordpress-nexter-theme-2-0-3-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •