Lucene search
K

175 matches found

NVD
NVD
added 2026/07/03 2:16 a.m.7 views

CVE-2026-12920

The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 4.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS0.00301EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/03 1:28 a.m.37 views

CVE-2026-12920 Cookie Banner for GDPR / CCPA <= 4.3.5 - Authenticated (Administrator+) SQL Injection via 's' Parameter

The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 4.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS0.00301EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.11 views

PT-2026-55443

Name of the Vulnerable Software and Affected Versions Cookie Banner for GDPR / CCPA – WPLP Cookie Consent versions prior to 4.3.6 Description This issue is a generic SQL Injection, which occurs when an application fails to properly sanitize user input, allowing an attacker to interfere with the...

4.9CVSS6AI score0.00301EPSS
Exploits0References10
CVE
CVE
added 2026/07/02 9:32 a.m.16 views

CVE-2026-13251

The CVE-2026-13251 entry concerns the WordPress Perfmatters plugin (

7.5CVSS5.9AI score0.0082EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/02 9:32 a.m.8 views

EUVD-2026-41272

The Perfmatters plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.4 via the 's' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information...

7.5CVSS5.9AI score0.0082EPSS
Exploits0References3
NVD
NVD
added 2026/07/01 10:16 a.m.9 views

CVE-2026-13454

The MotoPress Appointment Booking plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 2.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS0.00361EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/01 8:30 a.m.6 views

EUVD-2026-40938

The MotoPress Appointment Booking plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 2.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS5.8AI score0.00361EPSS
Exploits0References6
CVE
CVE
added 2026/07/01 8:30 a.m.15 views

CVE-2026-13454

CVE-2026-13454 affects MotoPress Appointment Booking for WordPress (

6.5CVSS5.8AI score0.00361EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.12 views

CVE-2026-3001

The Gutenverse plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 3.4.6 due to insufficient input sanitization and output escaping. Specifically, the rendercontent method in class-search-result-title.php outputs the val...

6.1CVSS5.7AI score0.00204EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 7:45 a.m.32 views

CVE-2026-3001 Gutenverse <= 3.4.6 - Reflected Cross-Site Scripting via 's' Parameter

The Gutenverse plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 3.4.6 due to insufficient input sanitization and output escaping. Specifically, the rendercontent method in class-search-result-title.php outputs the val...

6.1CVSS0.00204EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/27 7:45 a.m.9 views

EUVD-2026-32114

The Gutenverse plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 3.4.6 due to insufficient input sanitization and output escaping. Specifically, the rendercontent method in class-search-result-title.php outputs the val...

6.1CVSS6AI score0.00204EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/27 7:45 a.m.10 views

CVE-2026-3001

The Gutenverse plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 3.4.6 due to insufficient input sanitization and output escaping. Specifically, the rendercontent method in class-search-result-title.php outputs the val...

6.1CVSS6AI score0.00204EPSS
Exploits0References4
CVE
CVE
added 2026/05/27 7:45 a.m.22 views

CVE-2026-3001

The CWE: CVE-2026-3001 affects the Gutenverse WordPress plugin, up to version 3.4.6. The vulnerability is a Reflected Cross-Site Scripting (XSS) in the search title block: render_content() echoes get_query_var('s') directly into HTML without escaping, enabling an attacker to craft a URL that inje...

6.1CVSS6AI score0.00204EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 12:16 a.m.17 views

CVE-2026-9607

A vulnerability was found in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /parcellist.php. Performing a manipulation of the argument s results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public...

6.5CVSS0.00192EPSS
Exploits0References5
NVD
NVD
added 2026/05/13 5:16 a.m.9 views

CVE-2026-7619

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 1.8.10.4 due to insufficient escaping on the user supplied parameter and lack of...

6.5CVSS0.00281EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/13 4:26 a.m.9 views

EUVD-2026-29900

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 1.8.10.4 due to insufficient escaping on the user supplied parameter and lack of...

6.5CVSS5.9AI score0.00281EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.15 views

PT-2026-40564

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 1.8.10.4 due to insufficient escaping on the user supplied parameter and lack of...

6.5CVSS5.9AI score0.00281EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/04/10 7:22 p.m.6 views

CVE-2025-50668

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the s parameter in the /weblistopt.asp endpoint...

7.5CVSS6AI score0.00408EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/10 7:22 p.m.6 views

CVE-2025-50645

A vulnerability has been discovered in D-Link DI-8003 16.07.26A1, which can lead to a buffer overflow when the s parameter in the pppoelistopt.asp endpoint is manipulated. By sending a crafted request with an excessively large value for the s parameter, an attacker can trigger a buffer overflow...

7.5CVSS6.1AI score0.00516EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 9:33 p.m.11 views

EUVD-2025-209358

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the s parameter in the /weblistopt.asp endpoint...

6.2AI score0.00408EPSS
Exploits0References3
Rows per page
Query Builder