Youzify < 1.2.0 - Unauthenticated SQLi
The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection id: CVE-2022-1950 info: name: Youzify 1.2.0 - Unauthenticated SQLi author:...
WordPress KiviCare <2.3.9 - SQL Injection
WordPress KiviCare plugin before 2.3.9 contains a SQL injection vulnerability. The plugin does not sanitize and escape some parameters before using them in SQL statements via the ajaxpost AJAX action with the getdoctordetails route. An attacker can possibly obtain sensitive information, modify...
ARMember < 3.4.8 - Unauthenticated Admin Account Takeover
The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover, even of the administrator, due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary users by knowing their username. id:...
WordPress WOOCS < 1.3.7.5 - Cross-Site Scripting
WordPress WOOCS plugin before 1.3.7.5 is susceptible to cross-site scripting. The plugin does not sanitize and escape the woocsinordercurrency parameter of the woocsgetproductspricehtml AJAX action, available to both unauthenticated and authenticated users, before outputting it back in the...
CVE-2026-12729
The CVE concerns the weDocs: AI Powered Knowledge Base WordPress plugin up to version 2.3.0, where the do_migration() function is exposed via the wedocs_migrate_betterdocs_to_wedocs AJAX action without nonce verification (check_ajax_referer) and without a current_user_can capability check. This a...
Web Directory Free < 1.7.0 - SQL Injection
The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based. id: CVE-2024-3552 info: name: Web Directory Free 1.7.0 - SQL...
CVE-2026-12134 JoomSport <= 5.7.8 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Group Creation/Modification via season_groupedit AJAX action
The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.7.8. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
CVE-2026-14249
The Request a Quote plugin for WordPress is vulnerable to Code Injection in versions up to, and including, 2.5.5 via the emddeletefile AJAX action. This is due to the emddeletefile handler deriving a PHP function name from the attacker-controlled $_POST['path'] parameter and invoking it dynamically...
CVE-2026-14249 Request a Quote Form Plugin <= 2.5.5 - Unauthenticated Code Injection via 'path' Parameter
The Request a Quote plugin for WordPress is vulnerable to Code Injection in versions up to, and including, 2.5.5 via the emddeletefile AJAX action. This is due to the emddeletefile handler deriving a PHP function name from the attacker-controlled $_POST['path'] parameter and invoking it dynamically...
CVE-2026-11887
The CVE concerns the Salon Booking System WordPress plugin prior to 10.30.20. Affected component: an AJAX action without proper authorization checks, enabling any authenticated user (e.g., a subscriber) to modify the plugin’s settings and bypass manual approval of new bookings. Root cause: insuff...
CVE-2026-11887 Salon Booking System < 10.30.20 - Subscriber+ Booking Approval Bypass
The Salon Booking System WordPress plugin before 10.30.20 does not have proper authorisation checks on one of its AJAX actions, allowing any authenticated user, such as a subscriber, to modify a plugin setting and bypass the manual approval of new...
CVE-2026-12415
The Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the pravelinvoiceeditaccount AJAX action in versions up to, and including, 1.0.0. The handler is exposed via wpajaxnoprivpravelinvoiceeditaccount, accepts an attacker-controlled...
CVE-2026-10835
The SALESmanago & Leadoo WordPress plugin before 3.11.3 does not properly sanitise and escape a parameter passed to one of its AJAX actions before using it in a SQL statement, and fails to enforce authorisation on that action, allowing authenticated users with minimal permissions, such as...
EUVD-2026-39625
The SALESmanago & Leadoo WordPress plugin before 3.11.3 does not properly sanitise and escape a parameter passed to one of its AJAX actions before using it in a SQL statement, and fails to enforce authorisation on that action, allowing authenticated users with minimal permissions, such as...
CVE-2026-7859 Motors Car Dealership & Classified Listings < 1.4.110 - Unauthenticated Post-Meta Write via stm_ajax_add_a_car_media
The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices...
EUVD-2026-38214
The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices...
CVE-2026-11912 Simple File List <= 6.3.7 - Missing Authorization to Unauthenticated File Modification via simplefilelist_edit_job AJAX Action
The Simple File List plugin for WordPress is vulnerable to arbitrary file modification due to insufficient authorization checks in all versions up to, and including, 6.3.7. This makes it possible for unauthenticated attackers to delete and modify files on the server. This vulnerability is...
CVE-2017-20257 Joomla! Component Quiz Deluxe 3.7.4 SQL Injection
Joomla! Component Quiz Deluxe 3.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands through the ajaxaction.flag_question task. Attackers can inject malicious SQL code via the stu_quiz_id or flag_quest parameters to manipulate database...
CVE-2017-20257
Joomla! Component Quiz Deluxe 3.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands via the ajaxaction.flag_question task. Exploitation can occur by injecting malicious SQL through the stu_quiz_id or flag_quest parameters to manipula...
CVE-2026-9815
The MagicForm WordPress plugin through 0.1.3 does not properly validate the type of files uploaded through an unauthenticated AJAX action when a form's per-field extension allowlist is left empty, allowing unauthenticated attackers to upload PHP files and execute arbitrary code on the server...