EUVD-2026-11158

The JetBooking plugin for WordPress is vulnerable to SQL Injection via the 'checkindate' parameter in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

CVE-2026-3496

The JetBooking plugin for WordPress is vulnerable to SQL Injection via the 'checkindate' parameter in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

CVE-2026-3496

The JetBooking plugin for WordPress is vulnerable to SQL Injection via the 'checkindate' parameter in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

PT-2026-24674

The JetBooking plugin for WordPress is vulnerable to SQL Injection via the 'check in date' parameter in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...

WordPress plugin Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

Varient SQL注入漏洞

Varient is a news magazine software developed by Varient Corporation. Version 1.6.1 of Varient contains an SQL injection vulnerability. This vulnerability stems from the userid parameter, which allows for SQL injections. It may allow unverified attackers to manipulate database queries and extract...

Threat Actors Mass-Scan Salesforce Experience Cloud via Modified AuraInspector Tool

Salesforce has warned of an increase in threat actor activity that's aimed at exploiting misconfigurations in publicly accessible Experience Cloud sites by making use of a customized version of an open-source tool called AuraInspector. The activity, per the company, involves the exploitation of...

CVE-2025-14353

The ZIP Code Based Content Protection plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 1.0.2 via the 'zipcode' parameter. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVE-2026-2429

The Community Events plugin for WordPress is vulnerable to SQL Injection via the 'cevenuename' CSV field in the onsavechangesvenues function in all versions up to, and including, 1.5.8. This is due to insufficient escaping on the user-supplied CSV data and lack of sufficient preparation on the...

CVE-2025-14353

The ZIP Code Based Content Protection plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 1.0.2 via the 'zipcode' parameter. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

PT-2026-23810

Name of the Vulnerable Software and Affected Versions ZIP Code Based Content Protection plugin for WordPress versions up to and including 1.0.2 Description The ZIP Code Based Content Protection plugin for WordPress is susceptible to SQL Injection due to inadequate input sanitization of the zipcod...

EUVD-2018-21648

ServerZilla 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to reset.php with malicious email values containing SQL operators to bypass authenticati...

EUVD-2018-21628

Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. Attackers can send GET requests to editgrp.php with malicious gid values using EXTRACTVALUE and CONCAT functions to retriev...

EUVD-2018-21625

DoceboLMS 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id, idC, and idU parameters. Attackers can send GET requests to the lesson.php endpoint with malicious SQL payloads to extract sensitive...

CVE-2018-25161

Warranty Tracking System 11.06.3 contains an SQL injection vulnerability that allows attackers to execute arbitrary SQL queries by injecting malicious code through the txtCustomerCode, txtCustomerName, and txtPhone POST parameters in SearchCustomer.php. Attackers can submit crafted SQL statements...

CVE-2018-25197

PlayJoom 0.10.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. Attackers can send GET requests to index.php with option=complayjoom&view=genre&catid=SQL to extract sensitive...

CVE-2018-25196 ServerZilla 1.0 SQL Injection via email Parameter

ServerZilla 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to reset.php with malicious email values containing SQL operators to bypass authenticati...

CVE-2018-25196 ServerZilla 1.0 SQL Injection via email Parameter

ServerZilla 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to reset.php with malicious email values containing SQL operators to bypass authenticati...

CVE-2018-25182

CVE-2018-25182 affects Silurus Classifieds Script 2.0. The vulnerability is an SQL injection in wcategory.php via the ID parameter, allowing unauthenticated remote attackers to craft SQL payloads to extract database names and sensitive information. CVSS metrics indicate high severity (CVSS 3.1: 8...

CVE-2018-25173 Rmedia SMS 1.0 SQL Injection via editgrp.php

Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. Attackers can send GET requests to editgrp.php with malicious gid values using EXTRACTVALUE and CONCAT functions to retriev...