CVE-2026-3003

Product/impact context: The Vagaro Booking Widget WordPress plugin (for WordPress) up to version 0.3 is vulnerable to a Stored Cross-Site Scripting (XSS) via the vagaro_code parameter due to insufficient input sanitization and output escaping. What is affected: the plugin’s handling of vagaro_cod...

CVE-2026-3003 Vagaro Booking Widget <= 0.3 - Unauthenticated Stored Cross-Site Scripting via 'vagaro_code'

The Vagaro Booking Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘vagarocode’ parameter in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

PT-2026-26846

The Vagaro Booking Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘vagaro code’ parameter in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

EUVD-2026-12427

A vulnerability has been found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/courses.php. The manipulation of the argument coursecode leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclos...

CVE-2026-4238

A vulnerability has been found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/courses.php. The manipulation of the argument coursecode leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclos...

CVE-2026-4238

CVE-2026-4238 affects itsourcecode College Management System 1.0. The vulnerability is an SQL injection in /admin/courses.php via the course_code argument, allowing remote attack. Public exploit information exists per the description. The records provide CVSS metrics (base score around 4.7; MEDIU...

itsourcecode College Management System SQL注入漏洞

itsourcecode College Management System is an open-source university management system developed by itsourcecode. Version 1.0 of itsourcecode College Management System has a SQL injection vulnerability. This vulnerability arises from improper handling of the coursecode parameter in the file...

CVE-2025-14353 ZIP Code Based Content Protection <= 1.0.2 - Unauthenticated SQL Injection via 'zipcode' Parameter

The ZIP Code Based Content Protection plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 1.0.2 via the 'zipcode' parameter. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

Warranty Tracking System SQL注入漏洞

The Warranty Tracking System is a warranty record management system developed by Warranty Tracking Company. Version 11.06.3 of the Warranty Tracking System contains an SQL injection vulnerability. This vulnerability stems from the txtCustomerCode, txtCustomerName, and txtPhone parameters, which m...

CVE-2025-70231

D-Link DIR-513 version 1.10 contains a critical-level vulnerability. When processing POST requests related to verification codes in /goform/formLogin, it enters /goform/getAuthCode but fails to filter the value of the FILECODE parameter, resulting in a path traversal vulnerability...

EUVD-2026-9339

A vulnerability was found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/class-result.php. Performing a manipulation of the argument coursecode results in sql injection. The attack can be initiated remotely. The exploit has been made...

CVE-2026-3487

A vulnerability was found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/class-result.php. Performing a manipulation of the argument coursecode results in sql injection. The attack can be initiated remotely. The exploit has been made...

CVE-2026-3487

A vulnerability was found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/class-result.php. Performing a manipulation of the argument coursecode results in sql injection. The attack can be initiated remotely. The exploit has been made...

CVE-2026-3487 itsourcecode College Management System class-result.php sql injection

A vulnerability was found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/class-result.php. Performing a manipulation of the argument coursecode results in sql injection. The attack can be initiated remotely. The exploit has been made...

CVE-2026-3487

The CVE-2026-3487 entry concerns itsourcecode College Management System 1.0. A SQL injection flaw affects the handling of /admin/class-result.php, where manipulating the course_code argument enables remote, unauthenticated exploitation. The vulnerability is publicly exploited or publicly disclose...

itsourcecode College Management System SQL注入漏洞

itsourcecode College Management System is an open-source university management system developed by itsourcecode. Version 1.0 of itsourcecode College Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the coursecode parameter in the file...

CVE-2025-13673

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to SQL Injection via the 'couponcode' parameter in all versions up to, and including, 3.9.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

PT-2026-22465

Name of the Vulnerable Software and Affected Versions Tutor LMS versions prior to 3.9.7 Description The Tutor LMS plugin for WordPress is susceptible to SQL Injection due to inadequate input validation and query preparation. Specifically, the coupon code parameter is not properly sanitized,...

CVE-2026-3149

A weakness has been identified in itsourcecode College Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/asign-single-student-subjects.php. Executing a manipulation of the argument coursecode can lead to sql injection. The attack can be executed...

itsourcecode College Management System SQL注入漏洞

itsourcecode College Management System is an open-source university management system developed by itsourcecode. Version 1.0 of itsourcecode College Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the coursecode parameter in the file...