
CVE-2021-24741 – Support Board < 3.3.4 - Multiple Unauthenticated SQL Injections
https://notcve.org/view.php?id=CVE-2021-24741
03 Sep 2021 — The Support Board WordPress plugin before 3.3.4 does not escape multiple POST parameters (such as status_code, department, user_id, conversation_id, conversation_status_code, and recipient_id) before using them in SQL statements, leading to SQL injections which are exploitable by unauthenticated users. • https://github.com/dldygnl/CVE-2021-24741 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2018-18373 – Support Board for WordPress <= 1.2.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-18373
16 Oct 2018 — In the Schiocco "Support Board - Chat And Help Desk" plugin 1.2.3 for WordPress, a Stored XSS vulnerability has been discovered in file upload areas in the Chat and Help Desk sections via the msg parameter in a /wp-admin/admin-ajax.php sb_ajax_add_message action. • https://packetstorm.news/files/id/149806 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')