CVE-2023-48751
- EPSS 0.06%
- Published 19.12.2023 00:15:07
- Last modified 21.11.2024 08:32:22
Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery.This issue affects Participants ...
CVE-2023-31235
- EPSS 0.1%
- Published 09.11.2023 23:15:09
- Last modified 21.11.2024 08:01:40
Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin <= 2.4.9 versions.
CVE-2022-47612
- EPSS 0.07%
- Published 28.02.2023 15:15:11
- Last modified 21.11.2024 07:32:15
Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin <= 2.4.5 leads to list column update.
CVE-2020-8596
- EPSS 1.31%
- Published 11.02.2020 12:15:21
- Last modified 21.11.2024 05:39:05
participants-database.php in the Participants Database plugin 1.9.5.5 and previous versions for WordPress has a time-based SQL injection vulnerability via the ascdesc, list_filter_count, or sortBy parameters. It is possible to exfiltrate data and pot...
CVE-2017-14126
- EPSS 2.39%
- Published 04.09.2017 20:29:00
- Last modified 20.04.2025 01:37:25
The Participants Database plugin before 1.7.5.10 for WordPress has XSS.
CVE-2014-3961
- EPSS 8.52%
- Published 04.06.2014 14:55:07
- Last modified 12.04.2025 10:46:40
SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" action to pdb-signup/.