CVE-2025-68034

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in CleverReach® CleverReach® WP cleverreach-wp allows SQL Injection.This issue affects CleverReach® WP: from n/a through = 1.5.21...

CVE-2025-68034

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in CleverReach® CleverReach® WP cleverreach-wp allows SQL Injection.This issue affects CleverReach® WP: from n/a through = 1.5.21...

WordPress plugin CleverReach has a SQL injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress CleverReach® WP plugin <= 1.5.21 - SQL Injection vulnerability

SQL Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin CleverReach® WP versions = 1.5.21...

EUVD-2025-9810

Malicious code in bioql PyPI...

CVE-2025-49059 WordPress CleverReach® WP Plugin <= 1.5.20 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in CleverReach® CleverReach® WP allows SQL Injection. This issue affects CleverReach® WP: from n/a through 1.5.20...

WordPress CleverReach WP plugin <= 1.5.20 - Unauthenticated SQL Injection via title Parameter vulnerability

Unauthenticated SQL Injection via title Parameter vulnerability discovered by mikemyers in WordPress Plugin CleverReach® WP versions = 1.5.20...

WordPress CleverReach® WP Plugin <= 1.5.20 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by ChuongVN Patchstack Alliance in WordPress Plugin CleverReach® WP versions = 1.5.20...

CVE-2025-7036

The CleverReach® WP plugin for WordPress is vulnerable to time-based SQL Injection via the ‘title’ parameter in all versions up to, and including, 1.5.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...

CVE-2025-7036

The CleverReach® WP plugin for WordPress is vulnerable to time-based SQL Injection via the ‘title’ parameter in all versions up to, and including, 1.5.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...

CVE-2025-7036

CVE-2025-7036 affects the CleverReach WordPress plugin (CleverReachWP) for WordPress, with unauthenticated, time-based SQL injection via the title parameter in all versions up to 1.5.20. Root cause: insufficient escaping of user input and insufficient preparation of the existing SQL query. Impact...

PT-2025-32035 · WordPress · Cleverreach® Wp Plugin

Name of the Vulnerable Software and Affected Versions: CleverReach® WP plugin for WordPress versions through 1.5.20 Description: The CleverReach® WP plugin for WordPress is susceptible to time-based SQL Injection via the title parameter. Insufficient escaping of user-supplied input and inadequate...

WordPress plugin CleverReach 注入漏洞

WordPress CleverReach is a cloud-based enterprise email marketing software that supports integration with WordPress, WooCommerce and other platforms, providing automated marketing, personalized email delivery, A/B testing and more. WordPress CleverReach suffers from a SQL injection vulnerability...

CVE-2025-32241

Cross-Site Request Forgery CSRF vulnerability in CleverReach® Official CleverReach Plugin for WooCommerce cleverreach-wc allows Cross Site Request Forgery.This issue affects Official CleverReach Plugin for WooCommerce: from n/a through = 3.4.6...

CVE-2025-32241

Cross-Site Request Forgery CSRF vulnerability in CleverReach® Official CleverReach Plugin for WooCommerce cleverreach-wc allows Cross Site Request Forgery.This issue affects Official CleverReach Plugin for WooCommerce: from n/a through = 3.4.6...

CVE-2025-32241

CVE-2025-32241 affects the WordPress Official CleverReach WooCommerce Integration Plugin and is a CSRF to Settings Change vulnerability in versions 3.4.3 and earlier. The root cause is CSRF allowing unauthorized settings changes; impacts include potential manipulation of plugin settings. Mitigati...

CVE-2025-32241 WordPress Official CleverReach WooCommerce Integration Plugin <= 3.4.3 - CSRF to Settings Change vulnerability

Cross-Site Request Forgery CSRF vulnerability in CleverReach® Official CleverReach Plugin for WooCommerce allows Cross Site Request Forgery. This issue affects Official CleverReach Plugin for WooCommerce: from n/a through 3.4.3...

WordPress Official CleverReach WooCommerce Integration plugin <= 3.4.6 - CSRF to Settings Change vulnerability

CSRF to Settings Change vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Official CleverReach Plugin for WooCommerce versions = 3.4.6...

PT-2025-15001 · Woocommerce · Cleverreach Plugin For Woocommerce

Name of the Vulnerable Software and Affected Versions: Official CleverReach Plugin for WooCommerce versions 3.4.3 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability, which allows for Cross Site Request Forgery. Recommendations: For versions 3.4.3 and earlier,...

WordPress plugin Official CleverReach Plugin for WooCommerce 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...