1919 matches found
CVE-2025-10310 Rich Snippet Site Report <= 2.0.0105 - Authenticated (Admin+) SQL Injection
The Rich Snippet Site Report plugin for WordPress is vulnerable to SQL Injection via the 'last' parameter in all versions up to, and including, 2.0.0105 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...
CVE-2025-10660 WP Dashboard Chat <= 1.0.3 - Authenticated (Contributor+) SQL Injection via id
The WP Dashboard Chat plugin for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
EUVD-2025-34568
The WP Dashboard Chat plugin for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-10660
CVE-2025-10660 details (CWE: SQL Injection). The WP Dashboard Chat plugin for WordPress is vulnerable via the id parameter in all versions up to 1.0.3 due to insufficient escaping of user input and inadequate preparation of the existing SQL query. This enables authentication-conscious actors with...
CVE-2025-10175
The WP Links Page plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 4.9.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticat...
EUVD-2025-33841
The Custom 404 Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ‘path’ parameter in all versions up to, and including, 3.12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...
EUVD-2025-33843
The WP Links Page plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 4.9.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticat...
CVE-2025-10185 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.6 - Authenticated (Admin+) SQL Injection
The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in the action nfloadformentries in all versions up to, and including, 9.1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient...
PT-2025-41642
Name of the Vulnerable Software and Affected Versions: NEX-Forms – Ultimate Forms Plugin for WordPress versions through 9.1.6. Description: The software is susceptible to SQL Injection through the orderby parameter within the nf load form entries action. Insufficient input sanitization and inadequat...
Stealit Malware Abuses Node.js Single Executable Feature via Game and VPN Installers
Cybersecurity researchers have disclosed details of an active malware campaign called Stealit that has leveraged Node.js' Single Executable Application (SEA) feature as a way to distribute its payloads. According to Fortinet FortiGuard Labs, select iterations have also employed the open-source...
CVE-2025-10862
The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.1.3. This is due to insufficient escaping on the 'id' parameter and lack of sufficient preparation on...
EUVD-2025-33233
The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.1.3. This is due to insufficient escaping on the 'id' parameter and lack of sufficient preparation on...
CVE-2025-10586 Community Events <= 1.5.1 - Unauthenticated SQL Injection
The Community Events plugin for WordPress is vulnerable to SQL Injection via the ‘eventvenue’ parameter in all versions up to, and including, 1.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-10649 Welcart e-Commerce <= 2.11.21 - Authenticated (Author+) SQL Injection via Cookie
The Welcart e-Commerce plugin for WordPress is vulnerable to SQL Injection via the cookie in all versions up to, and including, 2.11.21 due to insufficient escaping on the user supplied value and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...
CVE-2025-10587 Community Events <= 1.5.1 - Unauthenticated SQL Injection
The Community Events plugin for WordPress is vulnerable to SQL Injection via the eventcategory parameter in all versions up to, and including, 1.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
PT-2025-41223
Name of the Vulnerable Software and Affected Versions: RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress versions through 6.0.6.2. Description: The RegistrationMagic plugin for WordPress is susceptible to SQL Injection due to inadequate...
PT-2025-41247
Name of the Vulnerable Software and Affected Versions: Welcart e-Commerce plugin for WordPress versions through 2.11.21. Description: The Welcart e-Commerce plugin for WordPress is susceptible to SQL Injection through the cookie. Insufficient escaping of user-supplied values and inadequate preparati...
EUVD-2017-6296
Malware in sbrugna...