CVE-2024-12614
- EPSS 0.58%
- Veröffentlicht 16.01.2025 10:15:08
- Zuletzt bearbeitet 17.01.2025 22:17:15
The Passwords Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pms_save_setting' and 'post_new_pass' AJAX actions in all versions up to, and including, 1.4.8. This makes it poss...
CVE-2024-12615
- EPSS 0.39%
- Veröffentlicht 16.01.2025 10:15:08
- Zuletzt bearbeitet 17.01.2025 22:17:11
The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb->prefix value in several AJAX actions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficie...
CVE-2024-12613
- EPSS 0.67%
- Veröffentlicht 16.01.2025 10:15:07
- Zuletzt bearbeitet 17.01.2025 22:17:16
The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb->prefix value in several AJAX fuctions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of suffici...