Skip to main content

Participants Database

4 CVEs product

Monthly

CVE-2023-48751 MEDIUM This Month

Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database allows Accessing Functionality Not Properly Constrained by ACLs, Cross. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Participants Database
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2020-8596 HIGH This Week

participants-database.php in the Participants Database plugin 1.9.5.5 and previous versions for WordPress has a time-based SQL injection vulnerability via the ascdesc, list_filter_count, or sortBy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

WordPress SQLi PHP Participants Database
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2017-14126 MEDIUM POC This Month

The Participants Database plugin before 1.7.5.10 for WordPress has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Participants Database
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.4%
CVE-2014-3961 HIGH POC PATCH This Week

SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress SQLi Participants Database
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
5.9%
EPSS 0% CVSS 4.3
MEDIUM This Month

Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database allows Accessing Functionality Not Properly Constrained by ACLs, Cross. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Participants Database
NVD
EPSS 2% CVSS 7.5
HIGH This Week

participants-database.php in the Participants Database plugin 1.9.5.5 and previous versions for WordPress has a time-based SQL injection vulnerability via the ascdesc, list_filter_count, or sortBy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

WordPress SQLi PHP +1
NVD
EPSS 2% CVSS 6.1
MEDIUM POC This Month

The Participants Database plugin before 1.7.5.10 for WordPress has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Participants Database
NVD Exploit-DB
EPSS 6% CVSS 7.5
HIGH POC PATCH This Week

SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress SQLi Participants Database
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy