457766 matches found
CVE-2026-49772
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. This issue affects The Events Calendar: from 6.15.12 through 6.16.2...
CVE-2026-49774
Improper Control of Generation of Code 'Code Injection' vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion. This issue affects RD Station: from n/a through 5.6.0...
EUVD-2026-37057
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. This issue affects The Events Calendar: from 6.15.12 through 6.16.2...
CVE-2026-49772 WordPress The Events Calendar plugin 6.15.12-6.16.2 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. This issue affects The Events Calendar: from 6.15.12 through 6.16.2...
CVE-2026-49772
CVE-2026-49772 affects WordPress plugin The Events Calendar (Liquid Web / StellarWP) versions 6.15.12–6.16.2. The issue is an SQL Injection due to improper neutralization of special elements, enabling blind SQL injection. CVSS 3.1 base score 9.3 (CRITICAL) with AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L...
EUVD-2026-37056
Improper Control of Generation of Code 'Code Injection' vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion. This issue affects RD Station: from n/a through 5.6.0...
CVE-2026-49774 WordPress RD Station plugin <= 5.6.0 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion. This issue affects RD Station: from n/a through 5.6.0...
CVE-2026-49774
CVE-2026-49774 describes an "Improper Control of Generation of Code (Code Injection)" vulnerability in the WordPress RD Station plugin
EUVD-2026-37051
Unauthenticated SQL Injection in GEO my WordPress = 4.5.5 versions...
CVE-2026-52715
GEO my WordPress plugin (WordPress)
CVE-2026-52715 WordPress GEO my WordPress plugin <= 4.5.5 - SQL Injection vulnerability
Unauthenticated SQL Injection in GEO my WordPress = 4.5.5 versions...
CVE-2026-52712 WordPress Attendance Manager plugin <= 0.6.2 - SQL Injection vulnerability
Subscriber SQL Injection in Attendance Manager = 0.6.2 versions...
EUVD-2026-37049
Subscriber SQL Injection in Attendance Manager = 0.6.2 versions...
CVE-2026-52712
CVE-2026-52712 affects the WordPress Attendance Manager plugin version <= 0.6.2 and is described as a Subscriber SQL Injection vulnerability. The initial documents cite a CVSSv3.1 base score of 7.6 (High) with network attack vector, low attack complexity, and high confidentiality impact, but d...
CVE-2026-39581 WordPress WP Sessions Time Monitoring Full Automatic plugin <= 1.1.4 - SQL Injection vulnerability
Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic = 1.1.4 versions...
EUVD-2026-37047
Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic = 1.1.4 versions...
CVE-2026-39581
CVE-2026-39581 documents a SQL Injection in the WordPress plugin WP Sessions Time Monitoring Full Automatic for versions
EUVD-2026-37046
Unauthenticated SQL Injection in InPost Gallery = 2.1.4.6 versions...
CVE-2026-39574 WordPress InPost Gallery plugin <= 2.1.4.6 - SQL Injection vulnerability
Unauthenticated SQL Injection in InPost Gallery = 2.1.4.6 versions...
CVE-2026-39574
CVE-2026-39574 : Unauthenticated SQL injection in the WordPress InPost Gallery plugin, affected versions ≤ 2.1.4.6. Root cause and exact exploit details are not provided in the documents; CVSS v3.1 base score 9.3 (CRITICAL, NETWORK, no privileges required, user interaction: none). No remediation ...