
1919 matches found

EUVD
added 2025/10/25 9:32 a.m., 2 views

EUVD-2025-35920

The Product Filter by WBW plugin for WordPress is vulnerable to SQL Injection via the 'filtersDataBackend' parameter in all versions up to, and including, 2.9.7. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

7.5 CVSS, 6.3 AI score, 0.00323 EPSS
Exploits 0, References 5

Cvelist
added 2025/10/25 6:49 a.m., 11 views

CVE-2025-9322 Stripe Payment Forms <= 8.3.1 - Unauthenticated SQL Injection

The Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions plugin for WordPress is vulnerable to SQL Injection via the 'wpfs-form-name' parameter in all versions up to, and including, 8.3.1 due to insufficient escaping on the user supplied parameter and lack ...

7.5 CVSS, 0.0029 EPSS
Exploits 0, References 2

Vulnrichment
added 2025/10/25 6:49 a.m., 2 views

CVE-2025-9322 Stripe Payment Forms <= 8.3.1 - Unauthenticated SQL Injection

The Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions plugin for WordPress is vulnerable to SQL Injection via the 'wpfs-form-name' parameter in all versions up to, and including, 8.3.1 due to insufficient escaping on the user supplied parameter and lack ...

7.5 CVSS, 6.3 AI score, 0.0029 EPSS
Exploits 0, References 2

Vulnrichment
added 2025/10/25 6:49 a.m., 3 views

CVE-2025-11893 Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.8.4 - Authenticated (Subscriber+) SQL Injection

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to SQL Injection via the donationids parameter in all versions up to, and including, 1.8.8.4 due to insufficient escaping on the user supplied parameter and lack of...

8.8 CVSS, 6.1 AI score, 0.00313 EPSS
Exploits 0, References 3

CVE
added 2025/10/24 8:23 a.m., 21 views

CVE-2025-10748

CVE-2025-10748 affects the RapidResult WordPress plugin. It allows SQL Injection via the s parameter in all versions up to and including 1.2. The vulnerability arises from insufficient escaping of user input and inadequate preparation of the SQL query, enabling authenticated attackers with contri...

6.5 CVSS, 6.2 AI score, 0.00248 EPSS
Exploits 0, References 3

Vulnrichment
added 2025/10/22 8:27 a.m., 3 views

CVE-2025-10047 Email Tracker <= 5.3.15 - Authenticated (Admin+) SQL Injection

The Email Tracker – Email Log, Email Open Tracking, Email Analytics & Email Management for WordPress Emails plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 5.3.15 due to insufficient escaping on the user supplied parameter and...

4.9 CVSS, 5.9 AI score, 0.00305 EPSS
Exploits 0, References 2

EUVD
added 2025/10/22 8:27 a.m., 5 views

EUVD-2025-35320

The Email Tracker – Email Log, Email Open Tracking, Email Analytics & Email Management for WordPress Emails plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 5.3.12 due to insufficient escaping on the user supplied parameter and...

4.9 CVSS, 6.1 AI score, 0.00305 EPSS
Exploits 0, References 3

Packet Storm
added 2025/10/22 12:0 a.m., 151 views

Log2Space Subscriber Management Software 1.1 SQL Injection

Log2Space Subscriber Management Software version 1.1 suffers from an unauthenticated remote SQL injection vulnerability. Author: Aditya Patil, Rohan Patil. CVE-2025-56450 Unauthenticated SQL Injection in Log2Space Subscriber Management Software...

6.5 CVSS, 8.3 AI score, 0.00281 EPSS
Exploits 1

RedhatCVE
added 2025/10/21 8:29 p.m., 4 views

CVE-2025-8052

SQL Injection vulnerability in opentext Flipper allows SQL Injection. The vulnerability could allow a low privilege user to interact with the database in unintended ways and extract data by interacting with the HQL processor. This issue affects Flipper: 3.1.2...

8.8 CVSS, 7.8 AI score, 0.00326 EPSS
Exploits 0, References 1

EUVD
added 2025/10/20 9:30 p.m., 5 views

EUVD-2025-35106

SQL Injection vulnerability in opentext Flipper allows SQL Injection. The vulnerability could allow a low privilege user to interact with the database in unintended ways and extract data by interacting with the HQL processor. This issue affects Flipper: 3.1.2...

1 CVSS, 7.2 AI score, 0.00326 EPSS
Exploits 0, References 2

CVE
added 2025/10/20 7:57 p.m., 8 views

CVE-2025-8052

CVE-2025-8052 affects OpenText Flipper 3.1.2. The vulnerability is a SQL Injection via the HQL processor that could let a low-privilege user interact with the database and extract data. The available connected sources consistently describe the impact as SQL injection with high confidentiality/int...

8.8 CVSS, 7.4 AI score, 0.00326 EPSS
Exploits 0, References 1, Affected Software 1

Vulnrichment
added 2025/10/20 7:57 p.m., 4 views

CVE-2025-8052 HQL Injection vulnerability has been discovered in Opentext Flipper.

SQL Injection vulnerability in opentext Flipper allows SQL Injection. The vulnerability could allow a low privilege user to interact with the database in unintended ways and extract data by interacting with the HQL processor. This issue affects Flipper: 3.1.2...

1 CVSS, 7.4 AI score, 0.00326 EPSS
Exploits 0, References 1

GithubExploit
added 2025/10/20 1:47 p.m., 218 views

Exploit for Deserialization of Untrusted Data in Google Android

Project Documentation Official QQ Group: 745307987 Although P...

7.8 CVSS, 5.8 AI score, 0.00779 EPSS
Exploits 12

RedhatCVE
added 2025/10/19 6:43 a.m., 4 views

CVE-2025-10187

The GSpeech TTS – WordPress Text To Speech Plugin plugin for WordPress is vulnerable to SQL Injection via the 'field' parameter in all versions up to, and including, 3.17.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

4.9 CVSS, 6.6 AI score, 0.00374 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/10/16 8:33 a.m., 3 views

CVE-2025-10660

The WP Dashboard Chat plugin for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

6.5 CVSS, 6.5 AI score, 0.00271 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/10/16 8:33 a.m., 2 views

CVE-2025-10743

The Outdoor plugin for WordPress is vulnerable to SQL Injection via the 'edit' action in all versions up to, and including, 1.3.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated...

7.5 CVSS, 6.8 AI score, 0.00342 EPSS
Exploits 0, References 1

NVD
added 2025/10/15 9:15 a.m., 6 views

CVE-2025-10660

The WP Dashboard Chat plugin for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

6.5 CVSS, 0.00271 EPSS
Exploits 0, References 3

CVE
added 2025/10/15 8:26 a.m., 19 views

CVE-2025-10682

CVE-2025-10682 affects the TARIFFUXX WordPress plugin (versions

6.5 CVSS, 6.1 AI score, 0.0028 EPSS
Exploits 0, References 4

EUVD
added 2025/10/15 8:25 a.m., 3 views

EUVD-2025-34565

The Wp tabber widget plugin for WordPress is vulnerable to SQL Injection via the 'wp-tabber-widget' shortcode in all versions up to, and including, 4.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

6.5 CVSS, 6.1 AI score, 0.00252 EPSS
Exploits 0, References 3

EUVD
added 2025/10/15 8:25 a.m., 4 views

EUVD-2025-34566

The onOffice for WP-Websites plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9 CVSS, 6.1 AI score, 0.00337 EPSS
Exploits 0, References 3