Vulnerabilities (CVE)

Filtered by vendor Xnau Subscribe

Filtered by product Participants Database

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2023-48751	1 Xnau	1 Participants Database	2023-12-22	N/A	8.8 HIGH
Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery.This issue affects Participants Database: from n/a through 2.5.5.
CVE-2023-31235	1 Xnau	1 Participants Database	2023-11-15	N/A	8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin <= 2.4.9 versions.
CVE-2020-8596	1 Xnau	1 Participants Database	2020-02-25	6.0 MEDIUM	7.5 HIGH
participants-database.php in the Participants Database plugin 1.9.5.5 and previous versions for WordPress has a time-based SQL injection vulnerability via the ascdesc, list_filter_count, or sortBy parameters. It is possible to exfiltrate data and potentially execute code (if certain conditions are met).