87 matches found

RedhatCVE
added last week, 4 views

CVE-2026-49046

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Arjun Thakur Duplicate Page and Post allows Blind SQL Injection. This issue affects Duplicate Page and Post: from n/a through 2.9.5...

CVSS 8.5, AI score 5.9, EPSS 0.00033
Exploits 0, References 1

Cvelist
added 2026/05/27 2:49 p.m., 30 views

CVE-2026-49046 WordPress Duplicate Page and Post plugin <= 2.9.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Arjun Thakur Duplicate Page and Post allows Blind SQL Injection. This issue affects Duplicate Page and Post: from n/a through 2.9.5...

CVSS 8.5, EPSS 0.00033
Exploits 0, References 1

Positive Technologies
added 2026/05/27 12:0 a.m., 2 views

PT-2026-44024

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Arjun Thakur Duplicate Page and Post allows Blind SQL Injection. This issue affects Duplicate Page and Post: from n/a through 2.9.5...

CVSS 8.5, AI score 5.9, EPSS 0.00033
Exploits 0, References 2

Patchstack
added 2026/02/06 6:30 a.m., 4 views

WordPress EventON-RSVP plugin < 2.9.5 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by kauenavarro in WordPress Plugin EventON-RSVP versions < 2.9.5...

CVSS 6.1, AI score 6.2, EPSS 0.00117
Exploits 2, References 1, Affected Software 1

Cvelist
added 2026/01/23 2:28 p.m., 28 views

CVE-2026-24581 WordPress Points and Rewards for WooCommerce plugin <= 2.9.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce points-and-rewards-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Points and Rewards for WooCommerce: from n/a through <= 2.9.5...

CVSS 5.4, EPSS 0.00069
Exploits 0, References 1

CNNVD
added 2026/01/23 12:0 a.m., 1 views

WordPress plugin Points and Rewards for WooCommerce has security vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 5.4, AI score 5.8, EPSS 0.00069
Exploits 0, References 1

Snyk
added 2025/11/19 9:0 p.m., 3 views

SQL Injection

Overview: devcode-it/openstamanager is a management software for technical assistance and electronic invoicing. Affected versions of this package are vulnerable to SQL Injection via the display parameter in API requests. An attacker can execute arbitrary SQL commands by supplying crafted input to t...

CVSS 8.8, AI score 8.3, EPSS 0.00012
Exploits 0, References 2

Cvelist
added 2025/11/19 7:9 p.m., 7 views

CVE-2025-65103 OpenSTAManager has an authenticated SQL Injection vulnerability in API via 'display' parameter

OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.9.5, an authenticated SQL Injection vulnerability in the API allows any user, regardless of permission level, to execute arbitrary SQL queries. By manipulating the display parameter in ...

CVSS 8.8, EPSS 0.00012
Exploits 0, References 1

CNNVD
added 2025/11/19 12:0 a.m., 0 views

OpenSTAManager SQL injection vulnerability

OpenSTAManager is an open source management software for technical assistance and billing from Devcode Open Source. A SQL injection vulnerability exists in OpenSTAManager versions prior to 2.9.5. The vulnerability stems from a SQL injection in the API, which could cause an arbitrary user to execu...

CVSS 8.8, AI score 7.8, EPSS 0.00012
Exploits 0, References 1

Positive Technologies
added 2025/11/19 12:0 a.m., 5 views

PT-2025-47519

Name of the Vulnerable Software and Affected Versions: OpenSTAManager versions prior to 2.9.5. Description: OpenSTAManager is a management software for technical assistance and invoicing. A SQL Injection flaw exists in the API that allows authenticated users to execute arbitrary SQL queries,...

CVSS 8.8, AI score 7.6, EPSS 0.00012
Exploits 0, References 7

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2020-11122

Malware in sbrugna...

CVSS 8.8, AI score 8.7, EPSS 0.00255
Exploits 1, References 2

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-4188

Malware in sbrugna...

CVSS 7.5, AI score 7.5, EPSS 0.00334
Exploits 0, References 2

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2020-11119

Malware in sbrugna...

CVSS 4.9, AI score 5.1, EPSS 0.00256
Exploits 1, References 2

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2025-26645

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.4, EPSS 0.0028
Exploits 0, References 4

EUVD
added 2025/10/03 8:7 p.m., 0 views

EUVD-2025-11782

Malicious code in bioql PyPI...

CVSS 7.1, AI score 7.7, EPSS 0.0016
Exploits 0, References 1

CVE
added 2025/09/10 6:38 a.m., 15 views

CVE-2025-6189

CVE-2025-6189 affects the WordPress plugin “Duplicate Page and Post” (versions up to 2.9.5). The issue is a time-based SQL Injection via the meta_key parameter caused by insufficient escaping and improper SQL query preparation. Exploitation requires authenticated access at Contributor level or hi...

CVSS 6.5, AI score 5.9, EPSS 0.00043
Exploits 0, References 3

RedhatCVE
added 2025/09/05 9:31 p.m., 1 views

CVE-2025-8268

The AI Engine plugin for WordPress is vulnerable to unauthorized access and loss of data due to a missing capability check on the restlist and deletefiles functions in all versions up to, and including, 2.9.5. This makes it possible for unauthenticated attackers to list and delete files uploaded ...

CVSS 6.5, AI score 5.5, EPSS 0.0028
Exploits 0, References 1

Cvelist
added 2025/09/03 8:24 p.m., 4 views

CVE-2025-8268 Ai Engine <= 2.9.5 - Missing Authorization to Unauthenticated Uploaded Files Disclosure And Deletion

The AI Engine plugin for WordPress is vulnerable to unauthorized access and loss of data due to a missing capability check on the restlist and deletefiles functions in all versions up to, and including, 2.9.5. This makes it possible for unauthenticated attackers to list and delete files uploaded ...

CVSS 6.5, EPSS 0.0028
Exploits 0, References 4

Patchstack
added 2025/07/30 9:46 p.m., 10 views

WordPress AI Engine plugin 2.9.3-2.9.4 - Authenticated (Subscriber+) Arbitrary File Upload

Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by ISMAILSHADOW in WordPress Plugin AI Engine versions 2.9.3-2.9.4...

CVSS 8.8, AI score 6.7, EPSS 0.01644
Exploits 2, References 1, Affected Software 1

RedhatCVE
added 2025/05/22 4:27 p.m., 3 views

CVE-2020-19217

SQL Injection vulnerability in admin/batchmanager.php in piwigo v2.9.5, via the filtercategory parameter to admin.php?page=batchmanager...

CVSS 8.8, AI score 8.1, EPSS 0.00239
Exploits 1