CVE-2026-6222
The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.51.1. This is due to the processRequest method in ForminatorAdminModuleEditPage admin/abstracts/class-admin-module-edit-page.php dispatching sensitive module-management actions —...
EUVD-2026-32157
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can...
CVE-2026-40828
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can...
EUVD-2026-32156
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the RemoveRequest function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can resu...
PT-2026-43593
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the RemoveRequest function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can resu...
PT-2026-43594
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can...
CVE-2026-28201 SurrealDB Injection on Open Notebook
Improper input validation, together with an overly permissive default CORS configuration, in Open Notebook v1.8.1 allows a remote attacker to trick a legitimate user into altering or deleting arbitrary database entries via a specially crafted malicious URL. Depending on the deployment, data exfiltration i...
EUVD-2026-28235
The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.51.1. This is due to the processRequest method in ForminatorAdminModuleEditPage admin/abstracts/class-admin-module-edit-page.php dispatching sensitive module-management actions —...
EUVD-2026-19673
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, RecipeBookViewSet and RecipeBookEntryViewSet use CustomIsShared as an alternative permission class, but CustomIsShared.has_object_permission returns True for all HTTP methods —...
CVE-2026-4325
A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete arbitrary single-use entries, which can enable the replay of consumed action tokens, such as password reset links. This...
WordPress Custom Searchable Data Entry System plugin missing privileges vulnerability
WordPress Custom Searchable Data Entry System plugin is a plugin for creating a searchable data entry system in your website that allows users to fill in information based on specific criteria and enables data matching queries. The WordPress Custom Searchable Data Entry System plugin suffers from...
EUVD-2022-43118
Malicious code in bioql PyPI...
CVE-2020-36852
The Custom Searchable Data Entry System plugin for WordPress is vulnerable to unauthenticated database wiping in versions up to, and including 1.7.1, due to a missing capability check and lack of sufficient validation on the ghazale_sds_delete_entries_table_row function. This makes it possible for...
CVE-2020-36852
The WordPress plugin Custom Searchable Data Entry System (versions ≤ 1.7.1) is vulnerable to unauthenticated database wiping due to a missing capability check and inadequate validation in ghazale_sds_delete_entries_table_row(). This allows unauthenticated attackers to wipe tables (e.g., wp_users)...
CVE-2020-36852 Custom Searchable Data Entry System <= 1.7.1 - Unauthenticated Database Wiping
The Custom Searchable Data Entry System plugin for WordPress is vulnerable to unauthenticated database wiping in versions up to, and including 1.7.1, due to a missing capability check and lack of sufficient validation on the ghazale_sds_delete_entries_table_row function. This makes it possible for...
PT-2025-40063
Name of the Vulnerable Software and Affected Versions: Custom Searchable Data Entry System plugin for WordPress versions up to and including 1.7.1 Description: The Custom Searchable Data Entry System plugin for WordPress is susceptible to unauthenticated database wiping. This is due to a missing...
CVE-2017-18570
The cforms2 plugin before 14.13 for WordPress has SQL injection in the tracking DB GUI via Delete Entries or Download Entries...
CVE-2013-3513
Multiple cross-site request forgery (CSRF) vulnerabilities in the Noma component in GroundWork Monitor Enterprise 6.7.0 allow remote attackers to hijack the authentication of unspecified victims for requests that (1) store XSS sequences or (2) delete entries...
PT-2024-15228 · WordPress · Smart Forms
Name of the Vulnerable Software and Affected Versions: Smart Forms WordPress plugin versions prior to 2.6.87 Description: The issue concerns a lack of authorization in various AJAX actions within the plugin, allowing users with a low role, such as a subscriber, to perform unauthorized actions lik...
CVE-2022-3764
The plugin does not filter the "deleteentries" parameter from user requests, leading to an SQL Injection vulnerability...