Xnau Participants Database vulnerabilities

6 known vulnerabilities affecting xnau/participants_database.

Total CVEs: 6
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: HIGH 4, MEDIUM 2

Vulnerabilities

CVE-2014-3961 | P3 | HIGH | CVSS 7.5 | PoC | ≤ 1.5.4.8 | v1.5.4 +7 more | 2014-06-04
CWE-89: SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" action to pdb-signup/.
Source: NVD

CVE-2017-14126 | P3 | MEDIUM | CVSS 6.1 | PoC | v1.7.5.10 | 2017-09-04
CWE-79: The Participants Database plugin before 1.7.5.10 for WordPress has XSS.
Source: NVD

CVE-2020-8596 | P3 | HIGH | CVSS 7.5 | ≤ 1.9.5.5 | 2020-02-11
CWE-89: participants-database.php in the Participants Database plugin 1.9.5.5 and previous versions for WordPress has a time-based SQL injection vulnerability via the ascdesc, list_filter_count, or sortBy parameters. It is possible to exfiltrate data and potentially execute code (if certain conditions are met).
Source: NVD

CVE-2023-48751 | P3 | HIGH | CVSS 8.8 | ≤ 2.5.5 | 2023-12-19
CWE-352: Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery. This issue affects Participants Database: from n/a through 2.5.5.
Source: NVD

CVE-2023-31235 | P3 | HIGH | CVSS 8.8 | fixed in 2.5.0 | 2023-11-09
CWE-352: Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin <= 2.4.9 versions.
Source: NVD

CVE-2022-47612 | P4 | MEDIUM | CVSS 4.3 | fixed in 2.4.6 | 2023-02-28
CWE-352: Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin <= 2.4.5 leads to list column update.
Source: NVD