Vulnerabilidades Encontradas

Ultimate Product Catalogue 4.2.2 Sql Injection

Homepage: https://wordpress.org/plugins/ultimate-product-catalogue/ Description: Type user access: register user. $_POST['CatID'] is not escaped. File / Code: Path: /wp-content/plugins/ultimate-product-catalogue/Functions/Process_Ajax.php Line: 147 global $subcategories_table_name;…

WA Form Builder 1.1- Sql Injection

Homepage: https://wordpress.org/plugins/wa-form-builder/ Descrição: Acesso a qualquer usuário. $_POST[ 'wa_forms_Id' ] não possui filtro. WAFormBuilder_ui_output() é acessível para qualquer usuário. File /…
1 of 2
12