Vendor

Xnau

Products

CVEs

Across products

Status

Private

Products

CVE	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2017-14126	Med	0.43	6.1	0.02	Sep 4, 2017	The Participants Database plugin before 1.7.5.10 for WordPress has XSS.
CVE-2023-31235	Med	0.35	5.4	0.00	Nov 9, 2023	Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin <= 2.4.9 versions.
CVE-2023-48751	Med	0.28	4.3	0.00	Dec 19, 2023	Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery.This issue affects Participants Database: from n/a through 2.5.5.
CVE-2014-3961		0.03	—	0.06	Jun 4, 2014	SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" action to pdb-signup/.

CVE-2017-14126MedSep 4, 2017
risk 0.43cvss 6.1epss 0.02
The Participants Database plugin before 1.7.5.10 for WordPress has XSS.
CVE-2023-31235MedNov 9, 2023
risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin <= 2.4.9 versions.
CVE-2023-48751MedDec 19, 2023
risk 0.28cvss 4.3epss 0.00
Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery.This issue affects Participants Database: from n/a through 2.5.5.
CVE-2014-3961Jun 4, 2014
risk 0.03cvss —epss 0.06
SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" action to pdb-signup/.