Lucene search
K

217093 matches found

Nuclei
Nuclei
added 16 hours ago46 views

Subscribe to Category <= 2.7.4 - SQL Injection

The Subscribe to Category contains a sqlinjection caused by improper neutralization of special elements used in an SQL command, letting attackers execute arbitrary SQL commands, exploit requires user interaction. id: CVE-2023-32590 info: name: Subscribe to Category = 2.7.4 - SQL Injection author:...

9.3CVSS7.3AI score0.01646EPSS
Exploits1References2
Nuclei
Nuclei
added 16 hours ago12 views

WordPress TS Poll < 2.4.0 - SQL Injection

WordPress TS Poll plugin 2.4.0 contains a SQL injection caused by lack of sanitization and escaping of a parameter before using it in a SQL statement, letting attackers perform SQL injection attacks, exploit requires admin privileges. id: CVE-2024-8625 info: name: WordPress TS Poll 2.4.0 - SQL...

7.2CVSS6AI score0.02277EPSS
Exploits1References2
Nuclei
Nuclei
added 16 hours ago20 views

FlipperCode Custom CSS, JS & PHP <= 2.0.7 - Remote Code Execution

Custom css-js-php WordPress plugin through 2.0.7 contains a command injection caused by unsanitized user input used in SQL query and passed to eval, letting unauthenticated attackers execute arbitrary PHP code on the server. id: CVE-2026-6433 info: name: FlipperCode Custom CSS, JS & PHP = 2.0.7 -...

7.3CVSS6.3AI score0.00753EPSS
Exploits2References4
Nuclei
Nuclei
added 16 hours ago14 views

Team WordPress Plugin (TLP Team) <= 5.0.9 - SQL Injection

Team WordPress plugin = 5.0.11 contains a SQL injection caused by improper sanitization and escaping of a parameter in an AJAX action accessible to unauthenticated users, letting remote attackers execute arbitrary SQL commands. id: CVE-2025-14124 info: name: Team WordPress Plugin TLP Team = 5.0.9...

8.6CVSS6.3AI score0.0156EPSS
Exploits1References3
Nuclei
Nuclei
added 16 hours ago32 views

WordPress JobWP Plugin <= 2.3.9 - SQL Injection

The JobWP - Job Board, Job Listing, Career Page and Recruitment Plugin plugin for WordPress is vulnerable to SQL Injection via the 'jobwpuploadresume' parameter in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...

7.5CVSS7.2AI score0.01549EPSS
Exploits0References2
Nuclei
Nuclei
added 16 hours ago69 views

Hoteldruid v3.0.5 - SQL Injection

Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the nutenteagg parameter at /hoteldruid/interconnessioni.php. id: CVE-2023-43373 info: name: Hoteldruid v3.0.5 - SQL Injection author: ritikchaddha severity: critical description: | Hoteldruid v3.0.5 was discovered to...

9.8CVSS7.2AI score0.03753EPSS
Exploits1References2
Nuclei
Nuclei
added 16 hours ago61 views

PrestaShop productsalert - SQL Injection

In the module 'Products Alert' productsalert up to version 1.7.4 from Smart Modules for PrestaShop, a guest can perform SQL injection in affected versions. id: CVE-2024-36683 info: name: PrestaShop productsalert - SQL Injection author: mastercho severity: critical description: | In the module...

7.3CVSS5.9AI score0.00963EPSS
Exploits0References2
Nuclei
Nuclei
added 16 hours ago49 views

Mingsoft MCMS - SQL Injection

SQL injection vulnerability in Mingsoft MCMS up to 5.2.9 via the sqlWhere parameter in /cms/category/list. id: CVE-2022-4375 info: name: Mingsoft MCMS - SQL Injection author: ritikchaddha severity: critical description: | SQL injection vulnerability in Mingsoft MCMS up to 5.2.9 via the sqlWhere...

9.8CVSS7.2AI score0.0289EPSS
Exploits1References2
Nuclei
Nuclei
added 16 hours ago14 views

Youzify < 1.2.0 - Unauthenticated SQLi

The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection id: CVE-2022-1950 info: name: Youzify 1.2.0 - Unauthenticated SQLi author:...

9.8CVSS7.2AI score0.04278EPSS
Exploits1References1
Nuclei
Nuclei
added 16 hours ago38 views

REST API TO MiniProgram <= 4.7.1 - SQL Injection

The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up to, and including, 4.7.1 due to insufficient escaping on the user supplied parameter and lack of...

7.5CVSS6AI score0.03792EPSS
Exploits1References5
Nuclei
Nuclei
added 16 hours ago120 views

WordPress WP-Advanced-Search <= 3.3.9 - SQL Injection

The WordPress WP-Advanced-Search plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 3.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated...

9.8CVSS6AI score0.02991EPSS
Exploits4References3
Nuclei
Nuclei
added 16 hours ago75 views

Complete Online Job Search System 1.0 - SQL Injection

Complete Online Job Search System 1.0 contains a SQL injection vulnerability via /eris/index.php?q=hiring&search=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id:...

7.2CVSS7.2AI score0.04522EPSS
Exploits1References3
Nuclei
Nuclei
added 16 hours ago47 views

Complete Online Job Search System 1.0 - SQL Injection

Complete Online Job Search System 1.0 contains a SQL injection vulnerability via /eris/admin/company/index.php?view=edit&id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site...

7.2CVSS7.2AI score0.04522EPSS
Exploits1References3
Nuclei
Nuclei
added 16 hours ago51 views

Helmet Store Showroom v1.0 - SQL Injection

There is SQL Injection vulnerability at Helmet Store Showroom v1.0 Login Page. This vulnerability can be exploited to bypass admin access. id: CVE-2022-46071 info: name: Helmet Store Showroom v1.0 - SQL Injection author: Harsh severity: critical description: | There is SQL Injection vulnerability...

9.8CVSS7.2AI score0.0431EPSS
Exploits1References2
Nuclei
Nuclei
added 16 hours ago43 views

Online Fire Reporting System v1.0 - SQL injection

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=user/manageuser&id=. id: CVE-2022-31975 info: name: Online Fire Reporting System v1.0 - SQL injection author: theamanrawat severity: high description: | Online Fire Reporting System v1.0 is vulnerable to SQL...

7.2CVSS7.1AI score0.04863EPSS
Exploits1References3
Nuclei
Nuclei
added 16 hours ago96 views

NEX-Forms Plugin < 7.9.7 - SQL Injection

The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured...

8.8CVSS7.2AI score0.10375EPSS
Exploits5References5
Nuclei
Nuclei
added 16 hours ago91 views

WordPress Visitor Statistics <=5.7 - SQL Injection

WordPress Visitor Statistics plugin through 5.7 contains multiple unauthenticated SQL injection vulnerabilities. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-33965 info:...

9.8CVSS7.3AI score0.03413EPSS
Exploits0References5
Nuclei
Nuclei
added 16 hours ago18 views

Chamilo model.ajax.php - SQL Injection

main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Injection via the searchField, filters, or filters2 parameter. id: CVE-2021-34187 info: name: Chamilo model.ajax.php - SQL Injection author: DhiyaneshDK severity: critical description: | main/inc/ajax/model.ajax.php in Chamilo...

9.8CVSS7.3AI score0.16181EPSS
Exploits1References2
Nuclei
Nuclei
added 16 hours ago48 views

Vipshop Saturn Console <= 3.5.1 - SQL Injection via ClusterKey Component

SQL injection vulnerability in vipshop Saturn v.3.5.1 and before allows a remote attacker to execute arbitrary code via /console/dashboard/executorCount?zkClusterKey component. id: CVE-2025-29085 info: name: Vipshop Saturn Console = 3.5.1 - SQL Injection via ClusterKey Component author:...

9.8CVSS6.4AI score0.28338EPSS
Exploits0References2
Nuclei
Nuclei
added 16 hours ago61 views

Relevanssi <= 4.24.4 (Free) - Unauthenticated SQL Injection

The Relevanssi – A Better Search plugin for WordPress is vulnerable to time-based SQL Injection via the cats and tags query parameters in all versions up to, and including, 4.24.4 Free and = 2.27.4 Premium due to insufficient escaping on the user supplied parameter and lack of sufficient...

7.5CVSS7.2AI score0.02626EPSS
Exploits2References5
Rows per page
Query Builder