bde574786

2 exploits Active since Feb 2023
CVE-2023-4300 NOMISEC HIGH WORKING POC
Import XML and RSS Feeds WordPress Plugin < 2.1.4 - PHP File Upload Code Execution
The Import XML and RSS Feeds WordPress plugin before 2.1.4 does not filter file extensions for uploaded files, allowing an attacker to upload a malicious PHP file, leading to Remote Code Execution.
CVSS 7.2
CVE-2023-25813 NOMISEC CRITICAL WORKING POC
Sequelize < 6.19.1 - SQL Injection via Replacements
Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL injection exploit exists related to replacements. Parameters which are passed through replacements are not properly escaped which can lead to arbitrary SQL injection depending on the specific queries in use. The issue has been fixed in Sequelize 6.19.1. Users are advised to upgrade. Users unable to upgrade should not use the `replacements` and the `where` option in the same query.
CVSS 10.0