CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4 matches found

Patchstack•added 2026/03/25 8:20 a.m.•4 views

WordPress JetEngine plugin <= 3.8.6.1 - Unauthenticated SQL Injection via Listing Grid 'filtered_query' Parameter vulnerability

Unauthenticated SQL Injection via Listing Grid 'filteredquery' Parameter vulnerability discovered by hoshino in WordPress Plugin JetEngine versions = 3.8.6.1...

7.5CVSS5.9AI score0.00119EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2026/03/24 4:27 a.m.•2 views

CVE-2026-4662 JetEngine <= 3.8.6.1 - Unauthenticated SQL Injection via Listing Grid 'filtered_query' Parameter

The JetEngine plugin for WordPress is vulnerable to SQL Injection via the listingloadmore AJAX action in all versions up to, and including, 3.8.6.1. This is due to the filteredquery parameter being excluded from the HMAC signature validation allowing attacker-controlled input to bypass security...

7.5CVSS5.8AI score0.00119EPSS

Exploits0References6

CVE•added 2026/03/24 4:27 a.m.•21 views

CVE-2026-4662

Affected software: JetEngine WordPress plugin. Vulnerability: SQL Injection via the listing_load_more AJAX action in all versions up to and including 3.8.6.1. Root cause: The filtered_query parameter is excluded from HMAC signature validation and the prepare_where_clause() in the SQL Query Builde...

7.5CVSS5.8AI score0.00119EPSS

Exploits0References6

OSV•added 2024/10/31 7:15 p.m.•3 views

CVE-2024-50802

A SQL Injection vulnerability was discovered in AbanteCart 1.4.0 in the update function in publichtml/admin/controller/responses/listinggrid/emailtemplates.php. The vulnerability is exploitable via the id parameter...

6CVSS8.1AI score0.00079EPSS

Exploits2References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by