1958 matches found

OSV
added 2025/03/07 11:15 a.m. (7 views)

CVE-2025-1768

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to blind SQL Injection via the 'search' parameter in all versions up to, and including, 12.4.05 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00478
Exploits: 0, References: 12

OSV
added 2025/03/07 9:15 a.m. (4 views)

CVE-2025-0959

The Eventer - WordPress Event & Booking Manager Plugin plugin for WordPress is vulnerable to SQL Injection via the regid parameter in all versions up to, and including, 3.9.9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

CVSS: 6.5, AI score: 5.8, EPSS: 0.004
Exploits: 0, References: 2

CVE
added 2025/03/07 6:40 a.m. (50 views)

CVE-2024-13320

The CVE-2024-13320 entry describes an SQL Injection in the CURCY - WooCommerce Multi Currency - Currency Switcher WordPress plugin. Affected component: the wc_filter_price_meta[where] parameter; root cause: insufficient escaping and lack of prepared statements in the SQL query. Impact: unauthenti...

CVSS: 7.5, AI score: 7.8, EPSS: 0.00373
Exploits: 0, References: 2

CNNVD
added 2025/03/07 12:0 a.m. (3 views)

WordPress plugin Eventer Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS: 8.8, AI score: 8.9, EPSS: 0.004
Exploits: 0, References: 4

Amazon
added 2025/03/06 12:0 a.m. (4 views)

Medium: php8.3

Issue Overview: The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode filters, leads to a segmentation fault. This vulnerability is triggered through specific...

CVSS: 9.8, AI score: 10, EPSS: 0.02286
Exploits: 6

Vulnrichment
added 2025/03/05 11:22 a.m. (5 views)

CVE-2025-1702 Ultimate Member <= 2.10.0 - Unauthenticated SQL Injection via search Parameter

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the 'search' parameter in all versions up to, and including, 2.10.0 due to insufficient escaping on the user suppli...

CVSS: 7.5, AI score: 7.8, EPSS: 0.00661
Exploits: 0, References: 6

NVD
added 2025/03/05 10:15 a.m. (5 views)

CVE-2024-13778

The Hero Mega Menu - Responsive WordPress Menu Plugin plugin for WordPress is vulnerable to SQL Injection via several functions in all versions up to, and including, 1.16.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Th...

CVSS: 6.5, EPSS: 0.00321
Exploits: 0, References: 2

Vulnrichment
added 2025/03/05 9:21 a.m. (4 views)

CVE-2024-13778 Hero Mega Menu - Responsive WordPress Menu Plugin <= 1.16.5 - Authenticated (Subscriber+) SQL Injection

The Hero Mega Menu - Responsive WordPress Menu Plugin plugin for WordPress is vulnerable to SQL Injection via several functions in all versions up to, and including, 1.16.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Th...

CVSS: 6.5, AI score: 7.5, EPSS: 0.00321
Exploits: 0, References: 2

CVE
added 2025/03/04 3:37 a.m. (72 views)

CVE-2025-1321

CVE-2025-1321 concerns the WordPress teachPress plugin. Connected sources confirm a SQL Injection via the tpsearch shortcode’s order parameter in all versions up to 9.0.7, caused by insufficient escaping and improper SQL query preparation. An authenticated attacker with Contributor-level access o...

CVSS: 8.8, AI score: 7.3, EPSS: 0.00447
Exploits: 0, References: 2, Affected Software: 1

Packet Storm
added 2025/03/04 12:0 a.m. (298 views)

Calibre 7.15.0 Code Injection

Calibre version 7.15.0 remote code injection proof of concept exploit. Title: Calibre 7.15.0 PHP Code Injection Vulnerability. Author: indoushka...

CVSS: 9.8, AI score: 10, EPSS: 0.83393
Exploits: 13

RedhatCVE
added 2025/03/02 8:28 a.m. (15 views)

CVE-2024-13832

The Ultra Addons Lite for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.8 via the 'utelementor' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...

CVSS: 4.3, AI score: 6.7, EPSS: 0.00302
Exploits: 0, References: 1

RedhatCVE
added 2025/03/02 7:19 a.m. (9 views)

CVE-2024-13796

The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.6 via the /wp-json/post-grid/v2/getusers REST API. This makes it possible for unauthenticated attackers to extract sensitive data includin...

CVSS: 7.5, AI score: 6.7, EPSS: 0.00409
Exploits: 0, References: 1

NVD
added 2025/02/28 9:15 a.m. (17 views)

CVE-2024-13832

The Ultra Addons Lite for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.8 via the 'utelementor' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...

CVSS: 4.3, EPSS: 0.00302
Exploits: 0, References: 3

Vulnrichment
added 2025/02/28 4:21 a.m. (8 views)

CVE-2024-13796 Post Grid and Gutenberg Blocks – ComboBlocks <= 2.3.6 - Unauthenticated User Information Exposure

The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.6 via the /wp-json/post-grid/v2/getusers REST API. This makes it possible for unauthenticated attackers to extract sensitive data includin...

CVSS: 5.3, AI score: 5.2, EPSS: 0.00409
Exploits: 0, References: 3

Cvelist
added 2025/02/28 4:21 a.m. (19 views)

CVE-2024-13796 Post Grid and Gutenberg Blocks – ComboBlocks <= 2.3.6 - Unauthenticated User Information Exposure

The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.6 via the /wp-json/post-grid/v2/getusers REST API. This makes it possible for unauthenticated attackers to extract sensitive data includin...

CVSS: 5.3, EPSS: 0.00409
Exploits: 0, References: 3

Positive Technologies
added 2025/02/28 12:0 a.m. (4 views)

PT-2025-9053 · WordPress · Comboblocks

Name of the Vulnerable Software and Affected Versions: The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress versions prior to 2.3.7 Description: The issue allows unauthenticated attackers to extract sensitive data, including emails and other user data, via the...

CVSS: 7.5, AI score: 9.4, EPSS: 0.00409
Exploits: 0, References: 9

Cvelist
added 2025/02/26 3:27 a.m. (19 views)

CVE-2024-12434 SureMembers <= 1.10.6 - Sensitive Information Exposure

The SureMembers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.10.6 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive data including restricted content...

CVSS: 5.3, EPSS: 0.00511
Exploits: 0, References: 2

RedhatCVE
added 2025/02/26 12:26 a.m. (8 views)

CVE-2024-54820

XOne Web Monitor v02.10.2024.530 framework 1.0.4.9 was discovered to contain a SQL injection vulnerability in the login page. This vulnerability allows attackers to extract all usernames and passwords via a crafted input...

CVSS: 9.8, AI score: 8, EPSS: 0.01149
Exploits: 1, References: 1

OSV
added 2025/02/25 7:15 a.m. (1 view)

CVE-2025-1648

The Yawave plugin for WordPress is vulnerable to SQL Injection via the 'lbid' parameter in all versions up to, and including, 2.9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated...

CVSS: 7.5, AI score: 7.3
Exploits: 0, References: 3

OSV
added 2025/02/21 12:15 p.m. (2 views)

CVE-2024-13713

The WPExperts Square For GiveWP plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

CVSS: 6.5, AI score: 7.3, EPSS: 0.00394
Exploits: 0, References: 3