CVE-2023-0234 – SiteGround Security < 1.3.1 - Admin+ SQLi
https://notcve.org/view.php?id=CVE-2023-0234
13 Jan 2023 — The SiteGround Security WordPress plugin before 1.3.1 does not properly sanitize user input before using it in an SQL query, leading to an authenticated SQL injection issue. The SiteGround Security plugin for WordPress is vulnerable to blind SQL Injection via some of its filtering and paging parameters in versions up to, and including, 1.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for administrator-level... • https://github.com/namah-age/CVEs/blob/master/1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-0993 – SiteGround Security <= 1.2.5 - Authorization Weakness to Authentication Bypass
https://notcve.org/view.php?id=CVE-2022-0993
07 Apr 2022 — The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on the 2FA back-up code implementation that logs users in upon success. This affects versions up to, and including, 1.2.5. • https://packetstorm.news/files/id/166642 • CWE-285: Improper Authorization • CWE-306: Missing Authentication for Critical Function
CVE-2022-0992 – SiteGround Security <= 1.2.5 - Authentication Bypass via 2FA Setup
https://notcve.org/view.php?id=CVE-2022-0992
06 Apr 2022 — The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on initial 2FA set-up that allows unauthenticated and unauthorized users to configure 2FA for pending accounts. Upon successful configuration, the attacker is logged in as that user without access to a username/password pair which is the expected first form of authentication. This affects versions up to, and including, 1.... • https://packetstorm.news/files/id/166642 • CWE-288: Authentication Bypass Using an Alternate Path or Channel • CWE-306: Missing Authentication for Critical Function
CVE-2019-25217 – SiteGround Optimizer <= 5.0.12 - Missing Authorization
https://notcve.org/view.php?id=CVE-2019-25217
14 Mar 2019 — The SiteGround Optimizer plugin for WordPress is vulnerable to authorization bypass leading to Remote Code Execution and Local File Inclusion in versions up to, and including, 5.0.12 due to incorrect use of an access control attribute on the switch_php function called via the /switch-php REST API route. This allows attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achiev... • https://www.wordfence.com/threat-intel/vulnerabilities/id/657f3bd7-2cdc-4eb6-ba50-7c7fca468df0?source=cve • CWE-862: Missing Authorization