Lucene search
+L

31 matches found

nvd
nvd
added 6 days ago9 views

CVE-2026-15300

The GEO my WP plugin for WordPress was vulnerable to SQL Injection via the 'distance', 'lat', and 'lng' parameters in versions up to, and including, 4.5.4. The values were read from $SERVER'QUERYSTRING' via parsestr bypassing wpmagicquotes, which does not cover $SERVER, then passed through bare...

9.1CVSS0.00349EPSS
Exploits0References6
euvd
euvd
added 6 days ago8 views

EUVD-2026-42807

The GEO my WP plugin for WordPress was vulnerable to SQL Injection via the 'distance', 'lat', and 'lng' parameters in versions up to, and including, 4.5.4. The values were read from $SERVER'QUERYSTRING' via parsestr bypassing wpmagicquotes, which does not cover $SERVER, then passed through bare...

9.1CVSS6AI score0.00349EPSS
Exploits0References6
cvelist
cvelist
added 6 days ago31 views

CVE-2026-15300 GEO my WP <= 4.5.4 - Unauthenticated SQL Injection via 'distance' / 'lat' / 'lng' Parameters

The GEO my WP plugin for WordPress was vulnerable to SQL Injection via the 'distance', 'lat', and 'lng' parameters in versions up to, and including, 4.5.4. The values were read from $SERVER'QUERYSTRING' via parsestr bypassing wpmagicquotes, which does not cover $SERVER, then passed through bare...

9.1CVSS0.00349EPSS
Exploits0References6
cve
cve
added 6 days ago11 views

CVE-2026-15300

CVE-2026-15300 affects the GEO my WP WordPress plugin up to version 4.5.4. An SQL injection exists via the distance, lat, and lng parameters. Values are read from $_SERVER['QUERY_STRING'] with parse_str(), then passed through bare esc_sql() and interpolated into unquoted numeric positions in the ...

9.1CVSS6AI score0.00349EPSS
Exploits0References6
euvd
euvd
added 2026/06/25 3:42 a.m.6 views

EUVD-2026-39166

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the via 'latitude' and 'longitude' parameters in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

7.5CVSS6AI score0.00273EPSS
Exploits0References2
cve
cve
added 2026/06/25 3:42 a.m.23 views

CVE-2026-12077

CVE-2026-12077 : The Dokan Pro plugin for WordPress (up to version 5.0.4) is vulnerable to a time-based SQL Injection via the latitude and longitude parameters. The root cause is insufficient escaping of user-supplied input and lack of proper preparation in the existing SQL query, enabling unauth...

7.5CVSS6AI score0.00273EPSS
Exploits0References2
nvd
nvd
added 2026/05/20 8:16 p.m.17 views

CVE-2026-35013

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in streetview.php that allows authenticated attackers to inject arbitrary JavaScript by passing unsanitized values through the thelat and thelng GET parameters directly into JavaScript variable assignments...

5.1CVSS0.00221EPSS
Exploits0References3
euvd
euvd
added 2026/05/20 7:39 p.m.11 views

EUVD-2026-31185

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in streetview.php that allows authenticated attackers to inject arbitrary JavaScript by passing unsanitized values through the thelat and thelng GET parameters directly into JavaScript variable assignments...

5.1CVSS5.8AI score0.00221EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/05/20 7:39 p.m.7 views

CVE-2026-35013

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in streetview.php that allows authenticated attackers to inject arbitrary JavaScript by passing unsanitized values through the thelat and thelng GET parameters directly into JavaScript variable assignments...

5.1CVSS5.8AI score0.00221EPSS
Exploits0References4
cnnvd
cnnvd
added 2026/05/20 12:0 a.m.11 views

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from a reflection-based cross-site scripting vulnerability in the streetview.php file...

5.1CVSS5.8AI score0.00221EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/02/15 7:10 a.m.13 views

CVE-2026-1096

The Best-wp-google-map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'latitude' and 'longitudinal' parameters of the 'googlemapview' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible f...

6.4CVSS5.8AI score0.00245EPSS
Exploits0References1
nvd
nvd
added 2026/02/14 7:16 a.m.9 views

CVE-2026-1096

The Best-wp-google-map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'latitude' and 'longitudinal' parameters of the 'googlemapview' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible f...

6.4CVSS0.00245EPSS
Exploits0References4
cve
cve
added 2026/02/14 6:42 a.m.24 views

CVE-2026-1096

CVE-2026-1096 affects the Best-wp-google-map WordPress plugin (versions

6.4CVSS5.7AI score0.00245EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/02/14 6:42 a.m.2 views

CVE-2026-1096 Best-wp-google-map <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'latitude' Shortcode Attribute

The Best-wp-google-map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'latitude' and 'longitudinal' parameters of the 'googlemapview' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible f...

6.4CVSS5.7AI score0.00245EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/01/13 10:53 p.m.6 views

CVE-2026-0843

A vulnerability has been found in jiujiujia/victor123/wxw850227 jjjfood and jjjshopfood up to 20260103. This vulnerability affects unknown code of the file /index.php/api/product.category/index. Such manipulation of the argument latitude leads to sql injection. The attack can be launched remotely...

6.5CVSS7.1AI score0.00197EPSS
Exploits0References1
nvd
nvd
added 2026/01/11 9:15 a.m.7 views

CVE-2026-0843

A vulnerability has been found in jiujiujia/victor123/wxw850227 jjjfood and jjjshopfood up to 20260103. This vulnerability affects unknown code of the file /index.php/api/product.category/index. Such manipulation of the argument latitude leads to sql injection. The attack can be launched remotely...

6.5CVSS0.00197EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/01/11 9:2 a.m.4 views

CVE-2026-0843 jiujiujia/victor123/wxw850227 jjjfood/jjjshop_food index sql injection

A vulnerability has been found in jiujiujia/victor123/wxw850227 jjjfood and jjjshopfood up to 20260103. This vulnerability affects unknown code of the file /index.php/api/product.category/index. Such manipulation of the argument latitude leads to sql injection. The attack can be launched remotely...

6.5CVSS6.8AI score0.00197EPSS
Exploits0References4
cvelist
cvelist
added 2026/01/11 9:2 a.m.26 views

CVE-2026-0843 jiujiujia/victor123/wxw850227 jjjfood/jjjshop_food index sql injection

A vulnerability has been found in jiujiujia/victor123/wxw850227 jjjfood and jjjshopfood up to 20260103. This vulnerability affects unknown code of the file /index.php/api/product.category/index. Such manipulation of the argument latitude leads to sql injection. The attack can be launched remotely...

6.5CVSS0.00197EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/01/11 12:0 a.m.8 views

PT-2026-2039

Name of the Vulnerable Software and Affected Versions jjjfood and jjjshop food versions up to 20260103 Description A flaw exists in jjjfood and jjjshop food that allows for SQL injection. The issue is located in unknown code within the file '/index.php/api/product.category/index'. Manipulation of...

6.5CVSS6.5AI score0.00197EPSS
Exploits0References10
cnnvd
cnnvd
added 2026/01/11 12:0 a.m.3 views

jiujiujia jjjshop_food_php SQL注入漏洞

jiujiujia jjjshopfoodphp is a restaurant chain ordering software from China's Jiu Jiu Jia jiujiujia company. A SQL injection vulnerability exists in jiujiujia jjjshopfoodphp 20260103 and earlier versions, which stems from incorrect manipulation of the parameter latitude in the file...

6.5CVSS6.8AI score0.00197EPSS
Exploits0References5
Rows per page
Query Builder