Cross-Site Request Forgery (CSRF) vulnerability in AWP Classifieds Team Ad Directory & Listings by AWP Classifieds plugin <= 4.3 versions.
Max CVSS
8.8
EPSS Score
0.06%
Published
2023-10-06
Updated
2023-10-10
The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection
Max CVSS
9.8
EPSS Score
0.23%
Published
2022-10-31
Updated
2022-11-01
SQL injection vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the keywordphrase parameter in a dosearch action.
Max CVSS
7.5
EPSS Score
0.12%
Published
2015-01-13
Updated
2017-09-08
Cross-site scripting (XSS) vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI.
Max CVSS
4.3
EPSS Score
0.16%
Published
2015-01-13
Updated
2017-09-08
Unspecified vulnerability in the Another WordPress Classifieds Plugin before 2.0 for WordPress has unknown impact and attack vectors related to "image uploads."
Max CVSS
10.0
EPSS Score
0.18%
Published
2012-09-06
Updated
2012-09-07
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!