Xnau: >> Participants Database >> 1.6.2.3 Security Vulnerabilities
Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery.This issue affects Participants Database: from n/a through 2.5.5.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-12-19
Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin <= 2.4.9 versions.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-11-09
Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin <= 2.4.5 leads to list column update.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-02-28
participants-database.php in the Participants Database plugin 1.9.5.5 and previous versions for WordPress has a time-based SQL injection vulnerability via the ascdesc, list_filter_count, or sortBy parameters. It is possible to exfiltrate data and potentially execute code (if certain conditions are met).
CVSS Score
7.5
EPSS Score
0.013
Published
2020-02-11