WordPress Infility Global plugin < 2.15.21 - SQL Injection vulnerability

SQL Injection vulnerability discovered by oolongeya - Dreamhack in WordPress Plugin Infility Global versions 2.15.21...

CVE-2026-8685 Infility Global <= 2.15.16 - Authenticated (Subscriber+) SQL Injection via 'orderby' Parameter

The Infility Global plugin for WordPress is vulnerable to SQL Injection via the 'orderby' and 'order' parameters in all versions up to, and including, 2.15.16. This is due to insufficient escaping on user supplied parameters and lack of sufficient preparation on the existing SQL query within the...

CVE-2026-8685 Infility Global <= 2.15.16 - Authenticated (Subscriber+) SQL Injection via 'orderby' Parameter

The Infility Global plugin for WordPress is vulnerable to SQL Injection via the 'orderby' and 'order' parameters in all versions up to, and including, 2.15.16. This is due to insufficient escaping on user supplied parameters and lack of sufficient preparation on the existing SQL query within the...

PT-2026-42085

Name of the Vulnerable Software and Affected Versions Infility Global versions prior to 2.15.17 Description The Infility Global plugin for WordPress contains a flaw allowing authenticated attackers with Subscriber-level access and above to extract sensitive information from the database. This...

CVE-2025-15268 Infility Global <= 2.14.46 - Unauthenticated SQL Injection via Predictable API Key and IP Whitelist Bypass

The Infility Global plugin for WordPress is vulnerable to unauthenticated SQL Injection via the 'infilitygetdata' API action in all versions up to, and including, 2.14.46. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

CVE-2025-15268

The Infility Global plugin for WordPress is vulnerable to unauthenticated SQL Injection via the 'infilitygetdata' API action in all versions up to, and including, 2.14.46. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

CVE-2025-68864 WordPress Infility Global plugin <= 2.15.11 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Infility Infility Global infility-global allows Stored XSS.This issue affects Infility Global: from n/a through = 2.15.11...

WordPress Infility Global plugin <= 2.14.51 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by mcdruid in WordPress Plugin Infility Global versions = 2.14.51...

CVE-2025-68865 WordPress Infility Global plugin <= 2.15.06 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Infility Infility Global infility-global allows SQL Injection.This issue affects Infility Global: from n/a through = 2.15.06...

WordPress plugin Infility Global SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL injection...

WordPress Infility Global plugin <= 2.9.8 - Reflected Cross-Site Scripting via set_type Parameter vulnerability

Reflected Cross-Site Scripting via settype Parameter vulnerability discovered by vgo0 in WordPress Plugin Infility Global versions = 2.9.8...

EUVD-2025-203000

The Infility Global plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in all versions up to, and including, 2.14.23. This is due to the uploadfile function in the infilityimportfile class only validating the MIME type which can ...

CVE-2025-12968

CVE-2025-12968 covers the Infility Global WordPress plugin. Wordfence details show an Authenticated (Subscriber+) Arbitrary File Upload vulnerability caused by: (1) upload_file MIME type validation, which can be spoofed, and (2) missing capability checks in import_data. Affected versions are up t...

CVE-2025-12968 Infility Global <= 2.14.42 - Authenticated (Subscriber+) Arbitrary File Upload

The Infility Global plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in all versions up to, and including, 2.14.42. This is due to the uploadfile function in the infilityimportfile class only validating the MIME type which can ...

CVE-2025-12968 Infility Global <= 2.14.42 - Authenticated (Subscriber+) Arbitrary File Upload

The Infility Global plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in all versions up to, and including, 2.14.42. This is due to the uploadfile function in the infilityimportfile class only validating the MIME type which can ...

WordPress plugin Infility Global 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

EUVD-2024-50746

Malicious code in bioql PyPI...

EUVD-2024-34169

Malicious code in bioql PyPI...

WordPress Infility Global <= 2.14.51 - Arbitrary File Download vulnerability

Arbitrary File Download vulnerability discovered by Martino Spagnuolo r3verii in WordPress Plugin Infility Global versions = 2.14.51...

WordPress plugin Infility Global 跨站脚本漏洞

WordPress is a set of blogging platform developed using the PHP language, the platform supports personal blog sites on PHP and MySQL servers, WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin Infility Global, which stems from improper...