CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38382 – WordPress Subscribe to Category Plugin <= 2.7.4 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-38382
06 Nov 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category allows SQL Injection.This issue affects Subscribe to Category: from n/a through 2.7.4. La neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('Inyección SQL') en Daniel Söderström / Sidney van de Stouwe Subscribe to Category permite la inyección SQL. Este problema afecta Subscribe to Category: desde... • https://patchstack.com/database/vulnerability/subscribe-to-category/wordpress-subscribe-to-category-plugin-2-7-4-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32590 – WordPress Subscribe to Category Plugin <= 2.7.4 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-32590
20 Jul 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category.This issue affects Subscribe to Category: from n/a through 2.7.4. Neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyección SQL') en Daniel Söderström / Sidney van de Stouwe Subscribe to Category. Este problema afecta a Subscribe to Category: desde n/a hasta 2.7.4 The Subscribe to Category plug... • https://patchstack.com/database/vulnerability/subscribe-to-category/wordpress-subscribe-to-category-plugin-2-7-4-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43476 – WordPress Subscribe to Category Plugin <= 2.7.4 is vulnerable to Broken Access Control
https://notcve.org/view.php?id=CVE-2022-43476
31 Oct 2022 — Missing Authorization vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subscribe to Category: from n/a through 2.7.4. The Subscribe to Category plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.7.3. This makes it possible for authenticated attackers, with subscriber-level permissions and ab... • https://patchstack.com/database/wordpress/plugin/subscribe-to-category/vulnerability/wordpress-subscribe-to-category-plugin-2-7-1-auth-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •