Skip to main content

Wp Sessions Time Monitoring Full Automatic

3 CVEs product

Monthly

CVE-2026-39581 HIGH This Week

SQL injection in the WordPress plugin WP Sessions Time Monitoring Full Automatic (versions 1.1.4 and earlier) allows authenticated users with Subscriber-level access to inject malicious SQL into backend database queries. The CVSS scope change (S:C) and high confidentiality impact indicate that exploitation can expose data beyond the plugin's own context, including potentially the broader WordPress database. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

SQLi Wp Sessions Time Monitoring Full Automatic
NVD
CVSS 3.1
8.5
EPSS
0.4%
CVE-2026-32362 MEDIUM This Month

Insufficient access control in WP Sessions Time Monitoring Full Automatic version 1.1.3 and earlier permits unauthenticated attackers to modify data through improperly configured authorization checks. This vulnerability affects WordPress site administrators and users relying on the plugin to properly restrict access to session monitoring features. An attacker could exploit this to alter activity logs or session data without proper authentication.

Authentication Bypass Wp Sessions Time Monitoring Full Automatic
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2023-5203 HIGH POC This Week

The WP Sessions Time Monitoring Full Automatic WordPress plugin before 1.0.9 does not sanitize the request URL or query parameters before using them in an SQL query, allowing unauthenticated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress SQLi Wp Sessions Time Monitoring Full Automatic
NVD WPScan
CVSS 3.1
7.5
EPSS
2.2%
EPSS 0% CVSS 8.5
HIGH This Week

SQL injection in the WordPress plugin WP Sessions Time Monitoring Full Automatic (versions 1.1.4 and earlier) allows authenticated users with Subscriber-level access to inject malicious SQL into backend database queries. The CVSS scope change (S:C) and high confidentiality impact indicate that exploitation can expose data beyond the plugin's own context, including potentially the broader WordPress database. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

SQLi Wp Sessions Time Monitoring Full Automatic
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Insufficient access control in WP Sessions Time Monitoring Full Automatic version 1.1.3 and earlier permits unauthenticated attackers to modify data through improperly configured authorization checks. This vulnerability affects WordPress site administrators and users relying on the plugin to properly restrict access to session monitoring features. An attacker could exploit this to alter activity logs or session data without proper authentication.

Authentication Bypass Wp Sessions Time Monitoring Full Automatic
NVD VulDB
EPSS 2% CVSS 7.5
HIGH POC This Week

The WP Sessions Time Monitoring Full Automatic WordPress plugin before 1.0.9 does not sanitize the request URL or query parameters before using them in an SQL query, allowing unauthenticated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress SQLi +1
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy