Vulnerabilities and security researches forclassic-editor-and-classic-widgets classic-editor-and-classic-widgets

Jun 06, 2024

CVE, Research URL: CVE-2023-27434
Home page URL: Security reports for Classic Editor and Classic Widgets
Application: Classic Editor and Classic Widgets
Date: Nov 13, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in WPGrim Classic Editor and Classic Widgets plugin <= 1.2.5 versions.
Affected versions: max 1.2.6.
Status: vulnerable

Sep 29, 2024

CVE, Research URL: CVE-2024-47312
Home page URL: Security reports for Classic Editor and Classic Widgets
Application: Classic Editor and Classic Widgets
Date: Oct 17, 2024
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPGrim Classic Editor and Classic Widgets allows SQL Injection.This issue affects Classic Editor and Classic Widgets: from n/a through 1.4.1.
Affected versions: max 1.4.2.
Status: vulnerable