Mitchelllevy: >> Ahathat Security Vulnerabilities
The AHAthat Plugin WordPress plugin through 1.6 does not sanitize and escape a parameter before using it in a SQL statement, allowing Admin to perform SQL injection attacks.
CVSS Score
7.2
EPSS Score
0.0
Published
2025-05-15
The AHAthat Plugin WordPress plugin through 1.6 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
CVSS Score
4.7
EPSS Score
0.0
Published
2025-01-02