1967 matches found
CVE-2025-3430
The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'printertext' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-3427
The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'infilltext' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-3428
The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'coatingtext' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-3428
The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'coatingtext' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
PT-2025-15332 · WordPress · Melhor Envio
Name of the Vulnerable Software and Affected Versions: Melhor Envio plugin for WordPress versions up to and including 2.15.9 Description: The issue allows unauthenticated attackers to extract sensitive data, including environment information, plugin tokens, shipping configurations, and limited...
3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'infill_text'
Description The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'infilltext' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
CVE-2024-13604 KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin <= 1.7.4 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory
The KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.4 via the 'kbs' directory. This makes it possible for unauthenticated attackers to extract sensitive dat...
CVE-2025-2317 Product Filter by WBW <= 2.7.9 - Unauthenticated SQL Injection via filtersDataBackend Parameter
The Product Filter by WBW plugin for WordPress is vulnerable to time-based SQL Injection via the filtersDataBackend parameter in all versions up to, and including, 2.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2024-12410 Front End Users <= 3.2.32 - Authenticated (Admin+) SQL injection
The Front End Users plugin for WordPress is vulnerable to SQL Injection via the 'UserSearchField' parameter in all versions up to, and including, 3.2.32 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...
PT-2025-14027 · WordPress · Awesome Support
Name of the Vulnerable Software and Affected Versions: The Awesome Support – WordPress HelpDesk & Support Plugin versions up to, and including, 6.3.1 Description: The issue allows unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/awesome-support...
CVE-2025-2186
The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to SQL Injection via the ‘automationId’ parameter in all versions up to, and including, 3.5.1 due to insufficient escaping on the user supplied parameter and...
CVE-2025-2186 Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit <= 3.5.1 - Unauthenticated SQL Injection via 'automationId'
The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to SQL Injection via the ‘automationId’ parameter in all versions up to, and including, 3.5.1 due to insufficient escaping on the user supplied parameter and...
CVE-2025-1311 WooCommerce Multivendor Marketplace – REST API <= 1.6.2 - Authenticated (Subscriber+) SQL Injection
The WooCommerce Multivendor Marketplace – REST API plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in the updatedeliverystatus function in all versions up to, and including, 1.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2025-0723
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind and time-based SQL Injections via the rid and search parameters in all versions up to, and including, 5.9.4.7 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2025-2511 AHAthat Plugin <= 1.6 - Authenticated (Administrator+) SQL Injection via id Parameter
The AHAthat Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
ROADCAM X3 安全漏洞
ROADCAM X3 is a car recorder with HD quality and easy to carry by ROADCAM. It is used to record the process of driving, and supports video cropping, sharing and other functions. ROADCAM X3 suffers from a security vulnerability that originates from the inclusion of hard-coded FTP credentials in th...
CVE-2024-13321
The AnalyticsWP plugin for WordPress is vulnerable to SQL Injection via the 'customsql' parameter in all versions up to, and including, 2.0.0 due to insufficient authorization checks on the handlegetstats function. This makes it possible for unauthenticated attackers to append additional SQL...
CVE-2019-25222
The Thumbnail carousel slider plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
WordPress plugin Thumbnail carousel slider SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...
CVE-2024-13430
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.8 via the 'pagelayerbuilderpostsshortcode' function due to insufficient restrictions on which posts can be included. This makes it...