Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Xnau Subscribe
Filtered by product Participants Database
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-47612 1 Xnau 1 Participants Database 2023-03-08 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin <= 2.4.5 leads to list column update.
CVE-2020-8596 1 Xnau 1 Participants Database 2020-02-25 6.0 MEDIUM 7.5 HIGH
participants-database.php in the Participants Database plugin 1.9.5.5 and previous versions for WordPress has a time-based SQL injection vulnerability via the ascdesc, list_filter_count, or sortBy parameters. It is possible to exfiltrate data and potentially execute code (if certain conditions are met).
CVE-2017-14126 1 Xnau 1 Participants Database 2017-09-07 4.3 MEDIUM 6.1 MEDIUM
The Participants Database plugin before 1.7.5.10 for WordPress has XSS.
CVE-2014-3961 1 Xnau 1 Participants Database 2014-06-05 7.5 HIGH N/A
SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" action to pdb-signup/.