Wp Sessions Time Monitoring Full Automatic
Monthly
SQL injection in the WordPress plugin WP Sessions Time Monitoring Full Automatic (versions 1.1.4 and earlier) allows authenticated users with Subscriber-level access to inject malicious SQL into backend database queries. The CVSS scope change (S:C) and high confidentiality impact indicate that exploitation can expose data beyond the plugin's own context, including potentially the broader WordPress database. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.
Insufficient access control in WP Sessions Time Monitoring Full Automatic version 1.1.3 and earlier permits unauthenticated attackers to modify data through improperly configured authorization checks. This vulnerability affects WordPress site administrators and users relying on the plugin to properly restrict access to session monitoring features. An attacker could exploit this to alter activity logs or session data without proper authentication.
The WP Sessions Time Monitoring Full Automatic WordPress plugin before 1.0.9 does not sanitize the request URL or query parameters before using them in an SQL query, allowing unauthenticated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQL injection in the WordPress plugin WP Sessions Time Monitoring Full Automatic (versions 1.1.4 and earlier) allows authenticated users with Subscriber-level access to inject malicious SQL into backend database queries. The CVSS scope change (S:C) and high confidentiality impact indicate that exploitation can expose data beyond the plugin's own context, including potentially the broader WordPress database. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.
Insufficient access control in WP Sessions Time Monitoring Full Automatic version 1.1.3 and earlier permits unauthenticated attackers to modify data through improperly configured authorization checks. This vulnerability affects WordPress site administrators and users relying on the plugin to properly restrict access to session monitoring features. An attacker could exploit this to alter activity logs or session data without proper authentication.
The WP Sessions Time Monitoring Full Automatic WordPress plugin before 1.0.9 does not sanitize the request URL or query parameters before using them in an SQL query, allowing unauthenticated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.