Filtered by vendor Artplacer
Subscriptions
Filtered by product Artplacer Widget
Subscriptions
Total
1 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-6373 | 1 Artplacer | 1 Artplacer Widget | 2024-11-21 | 8.8 High |
The ArtPlacer Widget WordPress plugin before 2.20.7 does not sanitize and escape the "id" parameter before submitting the query, leading to a SQLI exploitable by editors and above. Note: Due to the lack of CSRF check, the issue could also be exploited via a CSRF against a logged editor (or above) |
Page 1 of 1.