27 matches found
EUVD-2026-39166
The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the via 'latitude' and 'longitude' parameters in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2026-12077
CVE-2026-12077 : The Dokan Pro plugin for WordPress (up to version 5.0.4) is vulnerable to a time-based SQL Injection via the latitude and longitude parameters. The root cause is insufficient escaping of user-supplied input and lack of proper preparation in the existing SQL query, enabling unauth...
CVE-2026-35013
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in streetview.php that allows authenticated attackers to inject arbitrary JavaScript by passing unsanitized values through the thelat and thelng GET parameters directly into JavaScript variable assignments...
CVE-2026-35013
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in streetview.php that allows authenticated attackers to inject arbitrary JavaScript by passing unsanitized values through the thelat and thelng GET parameters directly into JavaScript variable assignments...
EUVD-2026-31185
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in streetview.php that allows authenticated attackers to inject arbitrary JavaScript by passing unsanitized values through the thelat and thelng GET parameters directly into JavaScript variable assignments...
tickets 跨站脚本漏洞
Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from a reflection-based cross-site scripting vulnerability in the streetview.php file...
CVE-2026-1096
The Best-wp-google-map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'latitude' and 'longitudinal' parameters of the 'googlemapview' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible f...
CVE-2026-1096
The Best-wp-google-map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'latitude' and 'longitudinal' parameters of the 'googlemapview' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible f...
CVE-2026-1096
CVE-2026-1096 affects the Best-wp-google-map WordPress plugin (versions
CVE-2026-1096 Best-wp-google-map <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'latitude' Shortcode Attribute
The Best-wp-google-map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'latitude' and 'longitudinal' parameters of the 'googlemapview' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible f...
CVE-2026-0843
A vulnerability has been found in jiujiujia/victor123/wxw850227 jjjfood and jjjshopfood up to 20260103. This vulnerability affects unknown code of the file /index.php/api/product.category/index. Such manipulation of the argument latitude leads to sql injection. The attack can be launched remotely...
CVE-2026-0843
A vulnerability has been found in jiujiujia/victor123/wxw850227 jjjfood and jjjshopfood up to 20260103. This vulnerability affects unknown code of the file /index.php/api/product.category/index. Such manipulation of the argument latitude leads to sql injection. The attack can be launched remotely...
CVE-2026-0843 jiujiujia/victor123/wxw850227 jjjfood/jjjshop_food index sql injection
A vulnerability has been found in jiujiujia/victor123/wxw850227 jjjfood and jjjshopfood up to 20260103. This vulnerability affects unknown code of the file /index.php/api/product.category/index. Such manipulation of the argument latitude leads to sql injection. The attack can be launched remotely...
CVE-2026-0843 jiujiujia/victor123/wxw850227 jjjfood/jjjshop_food index sql injection
A vulnerability has been found in jiujiujia/victor123/wxw850227 jjjfood and jjjshopfood up to 20260103. This vulnerability affects unknown code of the file /index.php/api/product.category/index. Such manipulation of the argument latitude leads to sql injection. The attack can be launched remotely...
jiujiujia jjjshop_food_php SQL注入漏洞
jiujiujia jjjshopfoodphp is a restaurant chain ordering software from China's Jiu Jiu Jia jiujiujia company. A SQL injection vulnerability exists in jiujiujia jjjshopfoodphp 20260103 and earlier versions, which stems from incorrect manipulation of the parameter latitude in the file...
PT-2026-2039
Name of the Vulnerable Software and Affected Versions jjjfood and jjjshop food versions up to 20260103 Description A flaw exists in jjjfood and jjjshop food that allows for SQL injection. The issue is located in unknown code within the file '/index.php/api/product.category/index'. Manipulation of...
EUVD-2017-9146
Malware in sbrugna...
CVE-2024-25469
SQL Injection vulnerability in CRMEB crmebjava v.1.3.4 and before allows a remote attacker to obtain sensitive information via the latitude and longitude parameters in the api/front/store/list component...
CVE-2024-3666
The Opal Estate Pro – Property Management and Submission plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the agent latitude and longitude parameters in all versions up to, and including, 1.7.6 due to insufficient input sanitization and output escaping. This makes it possible...
PT-2024-27109 · WordPress · The Opal Estate Pro
Name of the Vulnerable Software and Affected Versions: The Opal Estate Pro – Property Management and Submission plugin for WordPress versions up to, and including, 1.7.6 Description: The issue is related to Stored Cross-Site Scripting via the agent latitude and longitude parameters due to...