Strategy11 Awp Classifieds vulnerabilities
5 known vulnerabilities affecting strategy11/awp_classifieds.
Total CVEs
5
CISA KEV
0
Public exploits
2
Exploited in wild
1
Severity breakdown
CRITICAL1HIGH3MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2022-3254P1CRITICALCVSS 9.8ExploitedPoCfixed in 4.32022-10-31
CVE-2022-3254 [CRITICAL] CWE-89 CVE-2022-3254: The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape s
The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection
nvd
CVE-2014-10013P3HIGHCVSS 7.5PoCv3.3.12015-01-13
CVE-2014-10013 [HIGH] CWE-89 CVE-2014-10013: SQL injection vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows
SQL injection vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the keywordphrase parameter in a dosearch action.
nvd
CVE-2024-31350P3HIGHCVSS 8.8fixed in 4.3.22024-06-09
CVE-2024-31350 [HIGH] CWE-862 CVE-2024-31350: Missing Authorization vulnerability in AWP Classifieds Team AWP Classifieds.This issue affects AWP C
Missing Authorization vulnerability in AWP Classifieds Team AWP Classifieds.This issue affects AWP Classifieds: from n/a through 4.3.1.
nvd
CVE-2023-41801P4HIGHCVSS 8.8fixed in 4.3.12023-10-06
CVE-2023-41801 [HIGH] CWE-352 CVE-2023-41801: Cross-Site Request Forgery (CSRF) vulnerability in AWP Classifieds Team Ad Directory & Listings by A
Cross-Site Request Forgery (CSRF) vulnerability in AWP Classifieds Team Ad Directory & Listings by AWP Classifieds plugin <= 4.3 versions.
nvd
CVE-2014-10012P4MEDIUMCVSS 4.3v3.3.12015-01-13
CVE-2014-10012 [MEDIUM] CWE-79 CVE-2014-10012: Cross-site scripting (XSS) vulnerability in the Another WordPress Classifieds Plugin plugin for Word
Cross-site scripting (XSS) vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI.
nvd