39 matches found
WordPress JS Archive List <= 6.1.5 - SQL Injection
Miguel Useche JS Archive List contains an sql injection caused by improper neutralization of special elements in SQL commands, letting attackers execute arbitrary SQL queries, exploit requires crafted input. id: CVE-2025-54726 info: name: WordPress JS Archive List = 6.1.5 - SQL Injection author:...
VulnCheck KEV: CVE-2025-54726
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows SQL Injection.This issue affects JS Archive List: from n/a through 6.1.6...
CVE-2026-32513
Deserialization of Untrusted Data vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows Object Injection.This issue affects JS Archive List: from n/a through = 6.1.7...
EUVD-2026-15870
Deserialization of Untrusted Data vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows Object Injection.This issue affects JS Archive List: from n/a through = 6.1.7...
CVE-2026-32513
Deserialization of Untrusted Data vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows Object Injection.This issue affects JS Archive List: from n/a through = 6.1.7...
CVE-2026-32513
Deserialization of Untrusted Data vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows Object Injection.This issue affects JS Archive List: from n/a through = 6.1.7...
CVE-2026-32513 WordPress JS Archive List plugin <= 6.1.7 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows Object Injection.This issue affects JS Archive List: from n/a through = 6.1.7...
CVE-2026-32513 WordPress JS Archive List plugin <= 6.1.7 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows Object Injection.This issue affects JS Archive List: from n/a through = 6.1.7...
CVE-2026-32513
CVE-2026-32513 is a vulnerability in the WordPress plugin “JS Archive List” (jquery-archive-list-widget). The Wordfence entry documents a Deserialization of Untrusted Data issue that enables Object Injection in the JS Archive List widget, affecting versions from unknown (n/a) up to and including ...
WordPress plugin JS Archive List 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...
PT-2026-28027
Name of the Vulnerable Software and Affected Versions JS Archive List versions through 6.1.7 Description A flaw exists in the deserialization of untrusted data within the jquery-archive-list-widget component of JS Archive List, potentially allowing for object injection. Recommendations Update JS...
WordPress JS Archive List plugin <= 6.1.7 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by daroo in WordPress Plugin JS Archive List versions = 6.1.7...
WordPress JS Archive List plugin <= 6.1.7 - Authenticated (Contributor+) PHP Object Injection via 'included' Shortcode Attribute vulnerability
Authenticated Contributor+ PHP Object Injection via 'included' Shortcode Attribute vulnerability discovered by WordFence in WordPress Plugin JS Archive List versions = 6.1.7...
CVE-2026-2020
The JS Archive List plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.1.7 via the 'included' shortcode attribute. This is due to the deserialization of untrusted input supplied via the 'included' parameter of the plugin's shortcode. This makes it...
EUVD-2026-10098
The JS Archive List plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.1.7 via the 'included' shortcode attribute. This is due to the deserialization of untrusted input supplied via the 'included' parameter of the plugin's shortcode. This makes it...
CVE-2026-2020 JS Archive List <= 6.1.7 - Authenticated (Contributor+) PHP Object Injection via 'included' Shortcode Attribute
The JS Archive List plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.1.7 via the 'included' shortcode attribute. This is due to the deserialization of untrusted input supplied via the 'included' parameter of the plugin's shortcode. This makes it...
CVE-2026-2020
The WordPress JS Archive List plugin (all versions up to 6.1.7) is vulnerable to PHP Object Injection via the shortcodes’ included attribute. The vulnerability arises from deserializing untrusted input, enabling authenticated attackers with Contributor-level access or higher to inject a PHP objec...
WordPress plugin JS Archive List 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...
WordPress JS Archive List plugin <= 6.1.5 - Unauthenticated SQL Injection via build_sql_where Function vulnerability
Unauthenticated SQL Injection via buildsqlwhere Function vulnerability discovered by mikemyers in WordPress Plugin JS Archive List versions = 6.1.5...
EUVD-2025-28565
Malicious code in bioql PyPI...