Vendor
Efence Project
Products
1
CVEs
3
Across products
3
Status
Private
Products
1- 3 CVEs
Recent CVEs
3| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-32754 | Cri | 0.64 | 9.8 | 0.01 | Jun 16, 2023 | Thinking Software Efence login function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete database. | ||
| CVE-2023-22900 | Cri | 0.64 | 9.8 | 0.01 | Jan 31, 2023 | Efence login function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete database. | ||
| CVE-2014-4526 | 0.00 | — | 0.02 | Jul 2, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in callback.php in the efence plugin 1.3.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) message, (2) zoneid, (3) pubKey, or (4) privKey parameter. |
- risk 0.64cvss 9.8epss 0.01
Thinking Software Efence login function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete database.
- risk 0.64cvss 9.8epss 0.01
Efence login function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete database.
- CVE-2014-4526Jul 2, 2014risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in callback.php in the efence plugin 1.3.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) message, (2) zoneid, (3) pubKey, or (4) privKey parameter.