1956 matches found
WordPress plugin vents Manager SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...
WordPress plugin WPExperts Square For GiveWP SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A SQL injection vulnerability exists in WordPress...
CVE-2024-13476
The LTL Freight Quotes – GlobalTranz Edition plugin for WordPress is vulnerable to SQL Injection via the 'engtzwdsavedropship' AJAX endpoint in all versions up to, and including, 2.3.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...
CVE-2024-13479
The LTL Freight Quotes – SEFL Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropshipeditid' and 'editid' parameters in all versions up to, and including, 3.2.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2024-13478
The LTL Freight Quotes – TForce Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropshipeditid' and 'editid' parameters in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S...
CVE-2024-13485 LTL Freight Quotes – ABF Freight Edition <= 3.3.7 - Unauthenticated SQL Injection
The LTL Freight Quotes – ABF Freight Edition plugin for WordPress is vulnerable to SQL Injection via the 'editid' and 'dropshipeditid' parameters in all versions up to, and including, 3.3.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2024-13479
The CVE-2024-13479 entry for LTL Freight Quotes – SEFL Edition (WordPress plugin) is supported by connected data indicating an unauthenticated SQL Injection via dropship_edit_id and edit_id in all versions up to 3.2.4 due to insufficient escaping on the input and inadequate prep in the SQL query....
CVE-2024-13489 LTL Freight Quotes – Old Dominion Edition <= 4.2.10 - Unauthenticated SQL Injection
The LTL Freight Quotes – Old Dominion Edition plugin for WordPress is vulnerable to SQL Injection via the 'editid' and 'dropshipeditid' parameters in all versions up to, and including, 4.2.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2024-13712
The Pollin plugin for WordPress is vulnerable to SQL Injection via the 'question' parameter in all versions up to, and including, 1.01.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2024-13676
The Categorized Gallery Plugin plugin for WordPress is vulnerable to SQL Injection via the 'field' attribute of the 'imagegallery' shortcode in all versions up to, and including, 2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2024-13525
The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4 via Shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data...
CVE-2024-13641
The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.5 via the 'attachment' directory. This makes it possible for...
CVE-2024-12315
The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.3 via the exports directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in t...
CVE-2025-0661
The DethemeKit For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the duplicatepost function due to insufficient restrictions on which posts can be duplicated. This makes it possible for authenticated attackers, with...
CVE-2025-0661 DethemeKit For Elementor <= 2.1.8 - Authenticated (Contributor+) Protected Post Disclosure
The DethemeKit For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the duplicatepost function due to insufficient restrictions on which posts can be duplicated. This makes it possible for authenticated attackers, with...
CVE-2024-13477
The LTL Freight Quotes – Unishippers Edition plugin for WordPress is vulnerable to SQL Injection via the 'editid' parameter in all versions up to, and including, 2.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2024-13435
The Ebook Downloader plugin for WordPress is vulnerable to SQL Injection via the 'download' parameter in all versions up to, and including, 1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2024-13531 ShipEngine Shipping Quotes <= 1.0.7 - Unauthenticated SQL Injection
The ShipEngine Shipping Quotes plugin for WordPress is vulnerable to SQL Injection via the 'editid' parameter in all versions up to, and including, 1.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...
CVE-2024-13490
CVE-2024-13490 affects the LTL Freight Quotes – XPO Edition WordPress plugin. The vulnerability is an unauthenticated SQL Injection caused by insufficient escaping and poor query prep in the edit_id and dropship_edit_id parameters, exploitable in all versions up to 4.3.7. Remediation: upgrade to ...
CVE-2024-13435 Ebook Downloader <= 1.0 - Unauthenticated SQL Injection
The Ebook Downloader plugin for WordPress is vulnerable to SQL Injection via the 'download' parameter in all versions up to, and including, 1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...