35 matches found
Cost Calculator Builder <= 3.2.15 - SQL Injection
The Cost Calculator Builder plugin for WordPress is vulnerable to SQL Injection via discount codes in versions up to, and including, 3.2.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-14000
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'registerform' and 'restrict' shortcodes in all versions up to, and including, 3.2.15 due to insufficient input sanitization and output escaping on user supplied attributes...
EUVD-2025-204796
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'registerform' and 'restrict' shortcodes in all versions up to, and including, 3.2.15 due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2025-14000
CVE-2025-14000 (CWE-79): The WordPress plugin “Membership Plugin – Restrict Content” is vulnerable to stored XSS via the plugin’s register_form and restrict shortcodes in versions up to 3.2.15 due to insufficient input sanitization and output escaping. Exploitation requires authenticated access a...
PT-2025-52735
Name of the Vulnerable Software and Affected Versions: Membership Plugin – Restrict Content versions up to and including 3.2.15 Description: The Membership Plugin – Restrict Content plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'register form' and 'restrict'...
WordPress Membership Plugin – Restrict Content plugin <= 3.2.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcodes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Restrict Content versions <= 3.2.15...
Linux Distros Unpatched Vulnerability : CVE-2018-1999022
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PEAR HTMLQuickForm version 3.2.14 contains an eval injection CWE-95 vulnerability in HTMLQuickForm's getSubmitValue method, HTMLQuickForm's validate method,...
CVE-2025-27140
WeGIA is a Web manager for charitable institutions. An OS Command Injection vulnerability was discovered in versions prior to 3.2.15 of the WeGIA application, importardump.php endpoint. This vulnerability could allow an attacker to execute arbitrary code remotely. The command is basically a comma...
CVE-2025-27140
WeGIA is a Web manager for charitable institutions. An OS Command Injection vulnerability was discovered in versions prior to 3.2.15 of the WeGIA application, importardump.php endpoint. This vulnerability could allow an attacker to execute arbitrary code remotely. The command is basically a comma...
CVE-2025-27140
WeGIA (web manager for charitable institutions) is affected by an OS Command Injection in versions prior to 3.2.15, specifically via the importar_dump.php endpoint. The vulnerability allows remote code execution and could enable uploading a webshell by moving or manipulating a temporary file. Ver...
CVE-2025-27133
WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was discovered in the WeGIA application prior to version 3.2.15 at the adicionartipoexame.php endpoint. This vulnerability allows an authorized attacker to execute arbitrary SQL queries, allowing access to sensitive...
CVE-2025-27133
CVE-2025-27133 affects WeGIA (Web manager for charitable institutions) prior to version 3.2.15. A SQL injection vulnerability exists at the adicionar_tipo_exame.php endpoint, parameter tipo_exame, allowing an authorized attacker to execute arbitrary SQL queries and access sensitive information. T...
CVE-2025-27133 WeGIA has SQL Injection endpoint at 'dao/pet/adicionar_tipo_exame.php' parameter 'tipo_exame'
WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was discovered in the WeGIA application prior to version 3.2.15 at the adicionartipoexame.php endpoint. This vulnerability allows an authorized attacker to execute arbitrary SQL queries, allowing access to sensitive...
WeGIA access control error vulnerability
WeGIA is a web manager for welfare organizations by Nilson Lazarin Individual Developer. An access control error vulnerability exists in WeGIA versions prior to 3.2.15. An attacker exploiting this vulnerability could execute arbitrary code, including uploading a webshell...
PT-2025-1722 · WordPress · Cost Calculator Builder
Name of the Vulnerable Software and Affected Versions: Cost Calculator Builder PRO plugin for WordPress versions up to, and including, 3.2.15 Description: The issue is related to blind time-based SQL Injection via the data parameter due to insufficient escaping on the user-supplied parameter and...
WordPress Cost Calculator Builder PRO plugin <= 3.2.15 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Cost Calculator Builder Pro versions <= 3.2.15...
WordPress Booking calendar, Appointment Booking System Plugin <= 3.2.15 is vulnerable to Cross Site Scripting (XSS)
Software: Booking calendar, Appointment Booking System; Type: Plugin; Vulnerable versions: <= 3.2.15; Fixed in: 3.2.16; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9504; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID...
CVE-2024-43144
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Cost Calculator Builder allows SQL Injection. This issue affects Cost Calculator Builder: from n/a through 3.2.15...
WordPress plugin Cost Calculator Builder SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...
WordPress Cost Calculator Builder plugin <= 3.2.15 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Cost Calculator Builder versions <= 3.2.15...