Xnau : Security Vulnerabilities, CVEs,
Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery.This issue affects Participants Database: from n/a through 2.5.5.
Max CVSS
8.8
EPSS Score
0.06%
Published
2023-12-19
Updated
2023-12-22
Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin <= 2.4.9 versions.
Max CVSS
8.8
EPSS Score
0.06%
Published
2023-11-09
Updated
2023-11-15
Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin <= 2.4.5 leads to list column update.
Max CVSS
4.3
EPSS Score
0.05%
Published
2023-02-28
Updated
2023-03-08
participants-database.php in the Participants Database plugin 1.9.5.5 and previous versions for WordPress has a time-based SQL injection vulnerability via the ascdesc, list_filter_count, or sortBy parameters. It is possible to exfiltrate data and potentially execute code (if certain conditions are met).
Max CVSS
7.5
EPSS Score
0.12%
Published
2020-02-11
Updated
2020-02-25
The Participants Database plugin before 1.7.5.10 for WordPress has XSS.
Max CVSS
6.1
EPSS Score
0.23%
Published
2017-09-04
Updated
2017-09-08
SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" action to pdb-signup/.
Max CVSS
7.5
EPSS Score
0.58%
Published
2014-06-04
Updated
2014-06-05
6 vulnerabilities found