
CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

Cross-Site Request Forgery (CSRF) vulnerability in cleverplugins.Com SEO Booster. This issue affects SEO Booster: from n/a through 3.8.9. The SEO Booster plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.8.9. This is due to missing or incorrect nonce validation on the deleteall and delete actions.

• https://patchstack.com/database/vulnerability/seo-booster/wordpress-seo-booster-plugin-3-8-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 1

The SEO Booster WordPress plugin before 3.8 allows for authenticated SQL injection via the "fn_my_ajaxified_dataloader_ajax" AJAX request, as the $_REQUEST['order'][0]['dir'] parameter is not properly escaped, leading to blind and error-based SQL injections.

• https://plugins.trac.wordpress.org/changeset/2637115
• https://wpscan.com/vulnerability/40849d93-8949-4bd0-b60e-c0330b385fea
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')