WordPress Plugin Vulnerabilities

Order Your Posts Manually <= 2.2.5 - Admin+ SQLi

Description

The plugin does not properly sanitise and escape the sortdata parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin

Affects Plugins

Plugin icon
order-your-posts-manually
No known fix

References

CVE
CVE-2023-32508

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.1 (medium)

Miscellaneous

Original Researcher
minhtuanact
Verified
No
WPVDB ID
933d3e5d-dcce-4afb-ac3d-7a0fc5695093

Timeline

Publicly Published
2023-05-10 (about 1 years ago)
Added
2023-08-24 (about 8 months ago)
Last Updated
2023-08-24 (about 8 months ago)

Other

Published
Title
Published
2015-08-25
Title
Job Manager <= 0.7.24 - Authenticated Reflected Cross-Site Scripting (XSS)
Published
2022-04-20
Title
Social Stickers <= 2.2.9 - Stored Cross-Site Scripting via CSRF
Published
2022-06-13
Title
WP Contact Slider < 2.4.7 - Editor+ Stored Cross-Site Scripting
Published
2024-03-13
Title
Otter Blocks < 2.6.5 - Contributor+ Stored Cross-Site Scripting
Published
2023-05-16
Title
Contact Form Email < 1.3.38 - Unauthenticated Stored Cross-Site Scripting