📄 dotCMS 24.04.24 Vulnerability Scanner

dotCMS version 24.04.24 advanced exploitation python scanning script that looks for local file inclusion, data exposure, SQL injection, and more. ============================================================================================================================================= | Title :...

PT-2025-50571

The List category posts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘starting with’ parameter of the catlist shortcode in all versions up to, and including, 0.91.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

PT-2025-50759

Name of the Vulnerable Software and Affected Versions CSZCMS version 1.3.0 Description The software contains an authenticated SQL injection issue in the members view functionality. Authenticated attackers can manipulate database queries by injecting malicious SQL code through the view parameter...

EUVD-2021-34735

OpenBMCS 2.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting arbitrary SQL code. Attackers can send GET requests to /debug/obixtest.php with malicious 'id' values to extract database information...

CVE-2025-12850

The My auctions allegro plugin for WordPress is vulnerable to SQL Injection via the ‘auctionid’ parameter in all versions up to, and including, 3.6.32 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

CVE-2025-41743

Insufficient encryption strength in Sprecher Automation SPRECON-E-C, SPRECON-E-P, and SPRECON-E-T3 allows a local unprivileged attacker to extract data from update images and thus obtain limited information about the architecture and internal processes...

CVE-2025-41743

The CVE-2025-41743 entry affects Sprecher Automation SPRECON-E-C, SPRECON-E-P, and SPRECON-E-T3. Root cause: insufficient encryption strength in update images. Impact: a local, unprivileged attacker can extract data from update images and obtain limited information about system architecture and i...

PT-2025-48665

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in all versions up to, and including, 1.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVE-2025-13385

CVE-2025-13385 affects the WordPress plugin Bookme – Free Online Appointment Booking and Scheduling System (versions up to 4.2). The vulnerability is a time-based SQL Injection arising from insufficient escaping of the filter[status] parameter in the affected SQL query, enabling an authenticated ...

CVE-2025-7402 Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.95 - Unauthenticated SQL Injection via site_id

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘siteid’ parameter in all versions up to, and including, 4.95 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

CVE-2025-7402 Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.95 - Unauthenticated SQL Injection via site_id

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘siteid’ parameter in all versions up to, and including, 4.95 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

EUVD-2025-198609

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘siteid’ parameter in all versions up to, and including, 4.95 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

PT-2025-47974

Name of the Vulnerable Software and Affected Versions The Perfect Brands for WooCommerce plugin for WordPress versions through 3.6.2 Description The Perfect Brands for WooCommerce plugin for WordPress is susceptible to time-based SQL Injection through the brands attribute of the products shortcod...

CVE-2025-12750

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to SQL Injection via the 'term' parameter in all versions up to, and including, 4.2.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

Google Cloud Looker 安全漏洞

Google Cloud Looker is an online tool from Google USA for converting data into customizable and informative reports and dashboards. A security vulnerability exists in Google Cloud Looker that stems from the schemas parameter being vulnerable to SQL injection attacks, which could lead to...

0 Day Analytics < 4.1.0 - Authenticated (Administrator+) SQL Injection

Description The 0 Day Analytics plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 4.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers,...

EUVD-2025-197716

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to SQL Injection via the ‘search’ parameter in all versions up to, and including, 1.2.35 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

PT-2025-47071

Name of the Vulnerable Software and Affected Versions Amelia plugin for WordPress versions up to and including 1.2.35 Description The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is susceptible to SQL Injection due to insufficient input validation and query...

CVE-2025-11981

The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'SCodes' parameter in all versions up to, and including, 2.2.23 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVE-2025-11981 School Management System – WPSchoolPress <= 2.2.23 - Authenticated (Administrator+) SQL Injection

The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'SCodes' parameter in all versions up to, and including, 2.2.23 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...