Wp Data Access
Monthly
Unauthenticated SQL injection in the WP Data Access WordPress plugin (versions <= 5.5.70) allows remote attackers to inject arbitrary SQL through the plugin's interfaces without authentication. The high CVSS 9.3 score reflects a scope change (S:C) that lets the injection reach beyond the vulnerable component, exposing the entire WordPress database to confidentiality compromise. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.
Cross-Site Request Forgery (CSRF) vulnerability in Passionate Programmers B.V. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The WP Data Access plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.3.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.
The WP Data Access WordPress plugin before 5.0.0 does not properly sanitise and escape the backup_date parameter before using it a SQL statement, leading to a SQL injection issue and could allow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Unauthenticated SQL injection in the WP Data Access WordPress plugin (versions <= 5.5.70) allows remote attackers to inject arbitrary SQL through the plugin's interfaces without authentication. The high CVSS 9.3 score reflects a scope change (S:C) that lets the injection reach beyond the vulnerable component, exposing the entire WordPress database to confidentiality compromise. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.
Cross-Site Request Forgery (CSRF) vulnerability in Passionate Programmers B.V. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The WP Data Access plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.3.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.
The WP Data Access WordPress plugin before 5.0.0 does not properly sanitise and escape the backup_date parameter before using it a SQL statement, leading to a SQL injection issue and could allow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.