32 matches found
WordPress AHAthat Plugin plugin <= 1.6 - Admin+ SQL Injection vulnerability
Admin+ SQL Injection vulnerability discovered by Régis SENET in WordPress Plugin AHAthat versions <= 1.6...
EUVD-2024-50985
Malicious code in bioql PyPI...
EUVD-2025-13472
Malicious code in bioql PyPI...
CVE-2024-12595
The AHAthat Plugin WordPress plugin through 1.6 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2024-11269
The AHAthat Plugin WordPress plugin through 1.6 does not sanitize and escape a parameter before using it in a SQL statement, allowing Admin to perform SQL injection attacks...
CVE-2024-11269
The AHAthat Plugin WordPress plugin through 1.6 does not sanitize and escape a parameter before using it in a SQL statement, allowing Admin to perform SQL injection attacks...
CVE-2024-11269
The AHAthat Plugin WordPress plugin through 1.6 does not sanitize and escape a parameter before using it in a SQL statement, allowing Admin to perform SQL injection attacks...
CVE-2024-11269 AHAthat Plugin <= 1.6 - Admin+ SQL Injection
The AHAthat Plugin WordPress plugin through 1.6 does not sanitize and escape a parameter before using it in a SQL statement, allowing Admin to perform SQL injection attacks...
CVE-2024-11269
The CVE-2024-11269 entry concerns the WordPress AHAthat Plugin (versions 1.6 and earlier). The vulnerability is an Admin-level SQL injection caused by not sanitizing/escaping a parameter before use in a SQL statement, enabling an administrator to perform injection attacks. Reports from Red Hat an...
CVE-2024-11269 AHAthat Plugin <= 1.6 - Admin+ SQL Injection
The AHAthat Plugin WordPress plugin through 1.6 does not sanitize and escape a parameter before using it in a SQL statement, allowing Admin to perform SQL injection attacks...
PT-2025-21419 · WordPress · Ahathat Plugin
Name of the Vulnerable Software and Affected Versions: AHAthat Plugin WordPress plugin versions 1.6 and earlier Description: The issue allows Admin to perform SQL injection attacks due to the lack of sanitization and escaping of a parameter before using it in a SQL statement. Recommendations: For...
WordPress plugin AHAthat Plugin security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2025-4337
The AHAthat Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on the aha_plugin_page function. This makes it possible for unauthenticated attackers to delete AHA pages via a forged...
CVE-2025-4337
The AHAthat Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on the aha_plugin_page function. This makes it possible for unauthenticated attackers to delete AHA pages via a forged...
CVE-2025-4337
Affected product: WordPress AHAthat Plugin, versions up to 1.6. The vulnerability is a Cross-Site Request Forgery due to missing/incorrect nonce validation in aha_plugin_page(), enabling unauthenticated attackers to delete AHA pages by tricking an administrator. Impact: potential deletion of page...
CVE-2025-4337 AHAthat Plugin <= 1.6 - Cross-Site Request Forgery to AHA Page Deletion
The AHAthat Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on the aha_plugin_page function. This makes it possible for unauthenticated attackers to delete AHA pages via a forged...
CVE-2025-4337 AHAthat Plugin <= 1.6 - Cross-Site Request Forgery to AHA Page Deletion
The AHAthat Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on the aha_plugin_page function. This makes it possible for unauthenticated attackers to delete AHA pages via a forged...
PT-2025-19835 · WordPress · Ahathat Plugin
Name of the Vulnerable Software and Affected Versions: AHAthat Plugin for WordPress versions up to and including 1.6 Description: The issue is related to Cross-Site Request Forgery, caused by missing or incorrect nonce validation in the aha plugin page function. This allows unauthenticated...
WordPress plugin AHAthat Plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress AHAthat plugin, which stems from the web application not adequately verifying that a request is coming from a...
CVE-2025-2511
The AHAthat Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...