Description
WordPress Plugin KBoard is prone to multiple vulnerabilities, including cross-site scripting and SQL injection vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, to steal cookie-based authentication credentials, to compromise the application, access or modify data or to exploit vulnerabilities in the underlying database. WordPress Plugin KBoard version 3.3 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.4 or latest
References
Related Vulnerabilities
MySQL Other Vulnerability (CVE-2006-2753)
WordPress Plugin WP Subscribe Cross-Site Scripting (1.0.2)
axios Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-1214)
WordPress Plugin PostmagThemes Demo Import Arbitrary File Upload (1.0.7)
WordPress Plugin Advanced Advertising System PHP Object Injection (1.3.1)