Show filters
7 Total Results
Displaying 1-7 of 7
Sort by:
Attacker Value
Unknown

CVE-2024-43141

Disclosure Date: August 13, 2024 (last updated August 14, 2024)
Deserialization of Untrusted Data vulnerability in Roland Barker, xnau webdesign Participants Database allows Object Injection.This issue affects Participants Database: from n/a through 2.5.9.2.
0
0
Attacker Value
Unknown

CVE-2023-48751

Disclosure Date: December 19, 2023 (last updated December 23, 2023)
Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery.This issue affects Participants Database: from n/a through 2.5.5.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-31235

Disclosure Date: November 09, 2023 (last updated November 16, 2023)
Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin <= 2.4.9 versions.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-47612

Disclosure Date: February 28, 2023 (last updated November 08, 2023)
Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin <= 2.4.5 leads to list column update.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-8596

Disclosure Date: February 11, 2020 (last updated February 21, 2025)
participants-database.php in the Participants Database plugin 1.9.5.5 and previous versions for WordPress has a time-based SQL injection vulnerability via the ascdesc, list_filter_count, or sortBy parameters. It is possible to exfiltrate data and potentially execute code (if certain conditions are met).
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2017-14126

Disclosure Date: September 04, 2017 (last updated November 26, 2024)
The Participants Database plugin before 1.7.5.10 for WordPress has XSS.
0
0
Attacker Value
Unknown

CVE-2014-3961

Disclosure Date: June 04, 2014 (last updated October 05, 2023)
SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" action to pdb-signup/.
0
0