← Back

Xnau

xnau

6 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Participants Database
participants_database
6 CVEs

CVEs (6)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-48751
1Xnau
1Participants Database
Jun 17, 2026
Dec 19, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery.Th...Show more
Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery.This issue affects Participants Database: from n/a through 2.5.5.Show less
CVE-2023-31235
1Xnau
1Participants Database
Jun 17, 2026
Nov 9, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin <= 2.4.9 versions.
CVE-2022-47612
1Xnau
1Participants Database
Jun 17, 2026
Feb 28, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin <= 2.4.5 leads to list column update.
CVE-2020-8596
1Xnau
1Participants Database
Jun 17, 2026
Feb 11, 2020
N/A· v4
7.5 HIGH· v3
6.0 MEDIUM· v2
participants-database.php in the Participants Database plugin 1.9.5.5 and previous versions for WordPress has a time-based SQL injection vulnerability via the ascdesc, list_filter_count, or sortBy parameters. It is possi...Show more
participants-database.php in the Participants Database plugin 1.9.5.5 and previous versions for WordPress has a time-based SQL injection vulnerability via the ascdesc, list_filter_count, or sortBy parameters. It is possible to exfiltrate data and potentially execute code (if certain conditions are met).Show less
CVE-2017-14126
1Xnau
1Participants Database
May 13, 2026
Sep 4, 2017
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The Participants Database plugin before 1.7.5.10 for WordPress has XSS.
CVE-2014-3961
1Xnau
1Participants Database
May 6, 2026
Jun 4, 2014
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" act...Show more
SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" action to pdb-signup/.Show less