Vulnerabilities (CVE)

Filtered by vendor Floriansimunek Subscribe
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-11372 1 Floriansimunek 1 Connexion Logs 2025-06-09 N/A 7.2 HIGH
The Connexion Logs WordPress plugin through 3.0.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
CVE-2024-11373 1 Floriansimunek 1 Connexion Logs 2025-06-09 N/A 4.3 MEDIUM
The Connexion Logs WordPress plugin through 3.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack