Lucene search
K

39 matches found

Nuclei
Nuclei
added 11 hours ago10 views

WordPress JS Archive List <= 6.1.5 - SQL Injection

Miguel Useche JS Archive List contains an sql injection caused by improper neutralization of special elements in SQL commands, letting attackers execute arbitrary SQL queries, exploit requires crafted input. id: CVE-2025-54726 info: name: WordPress JS Archive List = 6.1.5 - SQL Injection author:...

9.3CVSS6.2AI score0.01425EPSS
Exploits2References3
VulnCheck KEV
VulnCheck KEV
added 2026/03/31 12:0 a.m.2 views

VulnCheck KEV: CVE-2025-54726

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows SQL Injection.This issue affects JS Archive List: from n/a through 6.1.6...

9.3CVSS5.9AI score0.01425EPSS
In wildExploits2References2
RedhatCVE
RedhatCVE
added 2026/03/26 5:2 p.m.3 views

CVE-2026-32513

Deserialization of Untrusted Data vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows Object Injection.This issue affects JS Archive List: from n/a through = 6.1.7...

8.8CVSS5.8AI score0.00279EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/25 6:31 p.m.8 views

EUVD-2026-15870

Deserialization of Untrusted Data vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows Object Injection.This issue affects JS Archive List: from n/a through = 6.1.7...

8.8CVSS5.8AI score0.00279EPSS
Exploits0References2
NVD
NVD
added 2026/03/25 5:17 p.m.4 views

CVE-2026-32513

Deserialization of Untrusted Data vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows Object Injection.This issue affects JS Archive List: from n/a through = 6.1.7...

8.8CVSS0.00279EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/25 4:15 p.m.2 views

CVE-2026-32513

Deserialization of Untrusted Data vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows Object Injection.This issue affects JS Archive List: from n/a through = 6.1.7...

5.8AI score0.00279EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/25 4:15 p.m.23 views

CVE-2026-32513 WordPress JS Archive List plugin <= 6.1.7 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows Object Injection.This issue affects JS Archive List: from n/a through = 6.1.7...

8.8CVSS0.00279EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:15 p.m.3 views

CVE-2026-32513 WordPress JS Archive List plugin <= 6.1.7 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows Object Injection.This issue affects JS Archive List: from n/a through = 6.1.7...

8.8CVSS5.8AI score0.00279EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:15 p.m.9 views

CVE-2026-32513

CVE-2026-32513 is a vulnerability in the WordPress plugin “JS Archive List” (jquery-archive-list-widget). The Wordfence entry documents a Deserialization of Untrusted Data issue that enables Object Injection in the JS Archive List widget, affecting versions from unknown (n/a) up to and including ...

8.8CVSS5.8AI score0.00279EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.6 views

WordPress plugin JS Archive List 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...

8.8CVSS5.8AI score0.00279EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.6 views

PT-2026-28027

Name of the Vulnerable Software and Affected Versions JS Archive List versions through 6.1.7 Description A flaw exists in the deserialization of untrusted data within the jquery-archive-list-widget component of JS Archive List, potentially allowing for object injection. Recommendations Update JS...

8.8CVSS5.8AI score0.00279EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/03/20 5:23 p.m.7 views

WordPress JS Archive List plugin <= 6.1.7 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by daroo in WordPress Plugin JS Archive List versions = 6.1.7...

8.8CVSS5.8AI score0.00279EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/09 6:42 a.m.8 views

WordPress JS Archive List plugin <= 6.1.7 - Authenticated (Contributor+) PHP Object Injection via 'included' Shortcode Attribute vulnerability

Authenticated Contributor+ PHP Object Injection via 'included' Shortcode Attribute vulnerability discovered by WordFence in WordPress Plugin JS Archive List versions = 6.1.7...

7.5CVSS5.8AI score0.00418EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/08 1:44 a.m.5 views

CVE-2026-2020

The JS Archive List plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.1.7 via the 'included' shortcode attribute. This is due to the deserialization of untrusted input supplied via the 'included' parameter of the plugin's shortcode. This makes it...

7.5CVSS6AI score0.00418EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/07 3:30 a.m.6 views

EUVD-2026-10098

The JS Archive List plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.1.7 via the 'included' shortcode attribute. This is due to the deserialization of untrusted input supplied via the 'included' parameter of the plugin's shortcode. This makes it...

7.5CVSS6AI score0.00418EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/03/07 1:21 a.m.33 views

CVE-2026-2020 JS Archive List <= 6.1.7 - Authenticated (Contributor+) PHP Object Injection via 'included' Shortcode Attribute

The JS Archive List plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.1.7 via the 'included' shortcode attribute. This is due to the deserialization of untrusted input supplied via the 'included' parameter of the plugin's shortcode. This makes it...

7.5CVSS0.00418EPSS
Exploits0References6
CVE
CVE
added 2026/03/07 1:21 a.m.10 views

CVE-2026-2020

The WordPress JS Archive List plugin (all versions up to 6.1.7) is vulnerable to PHP Object Injection via the shortcodes’ included attribute. The vulnerability arises from deserializing untrusted input, enabling authenticated attackers with Contributor-level access or higher to inject a PHP objec...

7.5CVSS6AI score0.00418EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/07 12:0 a.m.5 views

WordPress plugin JS Archive List 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...

7.5CVSS5.9AI score0.00418EPSS
Exploits0References7
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress JS Archive List plugin <= 6.1.5 - Unauthenticated SQL Injection via build_sql_where Function vulnerability

Unauthenticated SQL Injection via buildsqlwhere Function vulnerability discovered by mikemyers in WordPress Plugin JS Archive List versions = 6.1.5...

7.5CVSS6AI score0.00465EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-28565

Malicious code in bioql PyPI...

9.3CVSS6.3AI score0.01425EPSS
Exploits2References1
Rows per page
Query Builder