Lucene search
K

1967 matches found

OSV
OSV
added 2025/04/08 7:15 a.m.5 views

CVE-2025-3430

The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'printertext' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9CVSS5.8AI score0.00359EPSS
Exploits0References2
NVD
NVD
added 2025/04/08 7:15 a.m.5 views

CVE-2025-3427

The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'infilltext' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9CVSS0.00353EPSS
Exploits0References2
NVD
NVD
added 2025/04/08 7:15 a.m.7 views

CVE-2025-3428

The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'coatingtext' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9CVSS0.00359EPSS
Exploits0References2
OSV
OSV
added 2025/04/08 7:15 a.m.4 views

CVE-2025-3428

The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'coatingtext' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9CVSS7.3AI score0.00359EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/08 12:0 a.m.3 views

PT-2025-15332 · WordPress · Melhor Envio

Name of the Vulnerable Software and Affected Versions: Melhor Envio plugin for WordPress versions up to and including 2.15.9 Description: The issue allows unauthenticated attackers to extract sensitive data, including environment information, plugin tokens, shipping configurations, and limited...

5.3CVSS6.3AI score0.00359EPSS
Exploits0References8
WPVulnDB
WPVulnDB
added 2025/04/07 12:0 a.m.8 views

3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'infill_text'

Description The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'infilltext' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

4.9CVSS7.5AI score0.00353EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/05 1:44 a.m.10 views

CVE-2024-13604 KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin <= 1.7.4 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory

The KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.4 via the 'kbs' directory. This makes it possible for unauthenticated attackers to extract sensitive dat...

7.5CVSS0.00416EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/04/04 5:22 a.m.6 views

CVE-2025-2317 Product Filter by WBW <= 2.7.9 - Unauthenticated SQL Injection via filtersDataBackend Parameter

The Product Filter by WBW plugin for WordPress is vulnerable to time-based SQL Injection via the filtersDataBackend parameter in all versions up to, and including, 2.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

7.5CVSS7.8AI score0.00445EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/04/02 9:21 a.m.7 views

CVE-2024-12410 Front End Users <= 3.2.32 - Authenticated (Admin+) SQL injection

The Front End Users plugin for WordPress is vulnerable to SQL Injection via the 'UserSearchField' parameter in all versions up to, and including, 3.2.32 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

4.9CVSS7.8AI score0.00424EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/01 12:0 a.m.7 views

PT-2025-14027 · WordPress · Awesome Support

Name of the Vulnerable Software and Affected Versions: The Awesome Support – WordPress HelpDesk & Support Plugin versions up to, and including, 6.3.1 Description: The issue allows unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/awesome-support...

7.5CVSS7.9AI score0.00611EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/03/24 1:19 p.m.24 views

CVE-2025-2186

The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to SQL Injection via the ‘automationId’ parameter in all versions up to, and including, 3.5.1 due to insufficient escaping on the user supplied parameter and...

7.5CVSS7.9AI score0.0042EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/22 12:42 p.m.17 views

CVE-2025-2186 Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit <= 3.5.1 - Unauthenticated SQL Injection via 'automationId'

The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to SQL Injection via the ‘automationId’ parameter in all versions up to, and including, 3.5.1 due to insufficient escaping on the user supplied parameter and...

7.5CVSS0.0042EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/03/22 6:41 a.m.16 views

CVE-2025-1311 WooCommerce Multivendor Marketplace – REST API <= 1.6.2 - Authenticated (Subscriber+) SQL Injection

The WooCommerce Multivendor Marketplace – REST API plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in the updatedeliverystatus function in all versions up to, and including, 1.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS0.00363EPSS
Exploits0References4
NVD
NVD
added 2025/03/22 5:15 a.m.15 views

CVE-2025-0723

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind and time-based SQL Injections via the rid and search parameters in all versions up to, and including, 5.9.4.7 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS0.00351EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/03/19 11:10 a.m.11 views

CVE-2025-2511 AHAthat Plugin <= 1.6 - Authenticated (Administrator+) SQL Injection via id Parameter

The AHAthat Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9CVSS7.5AI score0.00328EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/03/18 12:0 a.m.5 views

ROADCAM X3 安全漏洞

ROADCAM X3 is a car recorder with HD quality and easy to carry by ROADCAM. It is used to record the process of driving, and supports video cropping, sharing and other functions. ROADCAM X3 suffers from a security vulnerability that originates from the inclusion of hard-coded FTP credentials in th...

9.8CVSS6.5AI score0.00413EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/03/16 8:18 a.m.10 views

CVE-2024-13321

The AnalyticsWP plugin for WordPress is vulnerable to SQL Injection via the 'customsql' parameter in all versions up to, and including, 2.0.0 due to insufficient authorization checks on the handlegetstats function. This makes it possible for unauthenticated attackers to append additional SQL...

9.8CVSS7.8AI score0.00436EPSS
Exploits0References1
OSV
OSV
added 2025/03/15 7:15 a.m.6 views

CVE-2019-25222

The Thumbnail carousel slider plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9CVSS5.8AI score0.00414EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/03/15 12:0 a.m.4 views

WordPress plugin Thumbnail carousel slider SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

4.9CVSS9.1AI score0.00414EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/03/14 7:58 p.m.20 views

CVE-2024-13430

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.8 via the 'pagelayerbuilderpostsshortcode' function due to insufficient restrictions on which posts can be included. This makes it...

4.3CVSS6.5AI score0.00311EPSS
Exploits0References1
Rows per page
Query Builder