1958 matches found

Positive Technologies
added 2025/04/27 12:0 a.m. · 4 views

PT-2025-17977 · Goldendb · Goldendb

Name of the Vulnerable Software and Affected Versions: GoldenDB, affected versions not specified
Description: The issue concerns SQL injection vulnerabilities in multiple interfaces of the GoldenDB database product. Attackers can exploit these interfaces to inject commands and extract sensitive...

CVSS 7.5 · AI score 7.3 · EPSS 0.0029
Exploits: 0 · References: 6

CVE
added 2025/04/25 5:25 a.m. · 69 views

CVE-2025-3923

The CVE-2025-3923 entry describes a vulnerability in the WordPress plugin Prevent Direct Access – Protect WordPress Files for WordPress, affecting all versions up to 2.8.8. The issue is Sensitive Information Exposure caused by insufficient randomness in the generate_unique_string function, enabli...

CVSS 5.3 · AI score 5.2 · EPSS 0.00333
Exploits: 0 · References: 3

Positive Technologies
added 2025/04/22 12:0 a.m. · 9 views

PT-2025-17519 · WordPress · Memberpress

Name of the Vulnerable Software and Affected Versions: Memberpress plugin for WordPress versions up to, and including, 1.11.37
Description: The issue allows unauthenticated attackers to extract sensitive data from restricted posts, such as those limited to higher-level roles like administrators,...

CVSS 7.5 · AI score 8 · EPSS 0.00295
Exploits: 0 · References: 9

Vulnrichment
added 2025/04/19 2:22 a.m. · 5 views

CVE-2025-2010 JobWP – Job Board, Job Listing, Career Page and Recruitment Plugin <= 2.3.9 - Unauthenticated SQL Injection

The JobWP – Job Board, Job Listing, Career Page and Recruitment Plugin plugin for WordPress is vulnerable to SQL Injection via the 'jobwpuploadresume' parameter in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...

CVSS 7.5 · AI score 7.5 · EPSS 0.01549
Exploits: 0 · References: 2

GithubExploit
added 2025/04/18 5:24 p.m. · 294 views

Exploit for CVE-2024-42327

🛡️ Zabbix 7.0.0 SQL Injection Exploit Script A Python script...

CVSS 9.9 · AI score 10 · EPSS 0.78831
Exploits: 13

Positive Technologies
added 2025/04/17 12:0 a.m. · 5 views

PT-2025-16952 · WordPress · Password Protect

Name of the Vulnerable Software and Affected Versions: Password Protected plugin versions up to, and including, 2.7.7
Description: The issue allows unauthenticated attackers to extract sensitive data, including all protected site content, if the 'Use Transient' setting is enabled. This is possibl...

CVSS 5.3 · AI score 6.1 · EPSS 0.00306
Exploits: 0 · References: 9

Cvelist
added 2025/04/11 9:21 a.m. · 29 views

CVE-2025-2128 Cost Calculator Builder <= 3.2.67 - Authenticated (Subscriber+) SQL Injection via order_ids Parameter

The Cost Calculator Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_ids’ parameter in all versions up to, and including, 3.2.67 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

CVSS 6.5 · EPSS 0.00337
Exploits: 0 · References: 4

Github Security Blog
added 2025/04/10 12:25 p.m. · 40 views

ezsystems/ezplatform-richtext allows access to external entities in XML

Impact: This security advisory resolves a vulnerability in the RichText field type. By entering a maliciously crafted input into the RichText XML, an attacker could perform an attack using XML external entity (XXE) injection, which might be able to read files on the server. To exploit this...

AI score 6.6
Exploits: 0 · References: 4 · Affected Software: 1

RedhatCVE
added 2025/04/10 7:49 a.m. · 5 views

CVE-2025-3430

The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'printertext' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 4.9 · AI score 7.6 · EPSS 0.00359
Exploits: 0 · References: 1

Positive Technologies
added 2025/04/10 12:0 a.m. · 4 views

PT-2025-15998 · Packagist · Ibexa/Fieldtype-Richtext

Impact: This security advisory resolves a vulnerability in the RichText field type. By entering a maliciously crafted input into the RichText XML, an attacker could perform an attack using XML external entity (XXE) injection, which might be able to read files on the server. To exploit this...

CVSS 7.1 · AI score 6.7
Exploits: 0 · References: 5

Positive Technologies
added 2025/04/10 12:0 a.m. · 2 views

PT-2025-15997 · Packagist · Ezsystems/Ezplatform-Richtext

Impact: This security advisory resolves a vulnerability in the RichText field type. By entering a maliciously crafted input into the RichText XML, an attacker could perform an attack using XML external entity (XXE) injection, which might be able to read files on the server. To exploit this...

CVSS 7.1 · AI score 6.7
Exploits: 0 · References: 5

OSV
added 2025/04/08 7:15 a.m. · 5 views

CVE-2025-3430

The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'printertext' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 4.9 · AI score 5.8 · EPSS 0.00359
Exploits: 0 · References: 2

NVD
added 2025/04/08 7:15 a.m. · 6 views

CVE-2025-3428

The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'coatingtext' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 4.9 · EPSS 0.00359
Exploits: 0 · References: 2

OSV
added 2025/04/08 7:15 a.m. · 4 views

CVE-2025-3428

The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'coatingtext' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 4.9 · AI score 7.3 · EPSS 0.00359
Exploits: 0 · References: 2

NVD
added 2025/04/08 7:15 a.m. · 4 views

CVE-2025-3427

The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'infilltext' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 4.9 · EPSS 0.00353
Exploits: 0 · References: 2

Positive Technologies
added 2025/04/08 12:0 a.m. · 3 views

PT-2025-15332 · WordPress · Melhor Envio

Name of the Vulnerable Software and Affected Versions: Melhor Envio plugin for WordPress versions up to and including 2.15.9
Description: The issue allows unauthenticated attackers to extract sensitive data, including environment information, plugin tokens, shipping configurations, and limited...

CVSS 5.3 · AI score 6.3 · EPSS 0.00359
Exploits: 0 · References: 8

WPVulnDB
added 2025/04/07 12:0 a.m. · 8 views

3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'infill_text'

Description: The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'infill_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVSS 4.9 · AI score 7.5 · EPSS 0.00353
Exploits: 0 · References: 1

Cvelist
added 2025/04/05 1:44 a.m. · 9 views

CVE-2024-13604 KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin <= 1.7.4 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory

The KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.4 via the 'kbs' directory. This makes it possible for unauthenticated attackers to extract sensitive dat...

CVSS 7.5 · EPSS 0.00416
Exploits: 0 · References: 3

Vulnrichment
added 2025/04/04 5:22 a.m. · 6 views

CVE-2025-2317 Product Filter by WBW <= 2.7.9 - Unauthenticated SQL Injection via filtersDataBackend Parameter

The Product Filter by WBW plugin for WordPress is vulnerable to time-based SQL Injection via the filtersDataBackend parameter in all versions up to, and including, 2.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVSS 7.5 · AI score 7.8 · EPSS 0.00414
Exploits: 0 · References: 3

Vulnrichment
added 2025/04/02 9:21 a.m. · 7 views

CVE-2024-12410 Front End Users <= 3.2.32 - Authenticated (Admin+) SQL injection

The Front End Users plugin for WordPress is vulnerable to SQL Injection via the 'UserSearchField' parameter in all versions up to, and including, 3.2.32 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

CVSS 4.9 · AI score 7.8 · EPSS 0.00395
Exploits: 0 · References: 2