CVE-2023-0224
Published 2024-01-16
CVE-2023-0224: The GiveWP WordPress plugin before 2.24.1 does not properly escape user input before it reaches SQL queries, which could let unauthenticated attackers perform…
Priority: P262, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.74% (88.5th percentile)
The GiveWP WordPress plugin before 2.24.1 does not properly escape user input before it reaches SQL queries, which could let unauthenticated attackers perform SQL Injection attacks.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| givewp | givewp | < 2.24.1 | 2.24.1 |
| chrome_chrome | — | — | — |
GHSA
GHSA-6737-mxc9-2p4p: The GiveWP WordPress plugin before 2
ghsa_unreviewed·2024-01-16
CVE-2023-0224 [CRITICAL] CWE-89 GHSA-6737-mxc9-2p4p: The GiveWP WordPress plugin before 2
The GiveWP WordPress plugin before 2.24.1 does not properly escape user input before it reaches SQL queries, which could let unauthenticated attackers perform SQL Injection attacks
Chrome
Stable Channel Update for Desktop: CVE-2024-0222
vendor_chrome·2024-01-03·CVSS 8.8
CVE-2024-0222 [HIGH] Stable Channel Update for Desktop: CVE-2024-0222
Stable Channel Update for Desktop
CVE-2024-0222: Use after free in ANGLE. Reported by Toan (suto) Pham of Qrious Secure on 2023-11-13
[$15000][1505009] High CVE-2024-0223: Heap buffer overflow in ANGLE. Reported by Toan (suto) Pham and Tri Dang of Qrious Secure on 2023-11-24
[$10000][1505086] High CVE-2024-0224: Use after free in WebAudio
Severity: high
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-01-16