Lucene search
K

361 matches found

EUVD
EUVD
added 2026/05/29 7:46 a.m.11 views

EUVD-2026-33259

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to generic SQL Injection via the 'order' parameter in all versions up to, and including, 3.28.28 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

4.9CVSS6AI score0.00288EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/29 12:0 a.m.10 views

EUVD-2026-33350

Bolt CMS through 3.7.0 allows SQL Injection in the 'order' parameter of the content listing pages. An authenticated attacker with low-level privileges can exploit this through the OrderDirective component. This allows for the extraction of sensitive information...

6.5CVSS5.9AI score0.00241EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.13 views

PT-2026-44900

Bolt CMS through 3.7.0 allows SQL Injection in the 'order' parameter of the content listing pages. An authenticated attacker with low-level privileges can exploit this through the OrderDirective component. This allows for the extraction of sensitive information...

5.9AI score0.00241EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/29 12:0 a.m.16 views

CVE-2026-39229

Bolt CMS through 3.7.0 allows SQL Injection in the 'order' parameter of the content listing pages. An authenticated attacker with low-level privileges can exploit this through the OrderDirective component. This allows for the extraction of sensitive information...

5.9AI score0.00241EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.8 views

WordPress plugin Frontend Admin by DynamiApps SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.9CVSS5.8AI score0.00288EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.11 views

PT-2026-44760

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to generic SQL Injection via the 'order' parameter in all versions up to, and including, 3.28.28 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

4.9CVSS6AI score0.00288EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/29 12:0 a.m.9 views

CVE-2026-39229

Bolt CMS through 3.7.0 allows SQL Injection in the 'order' parameter of the content listing pages. An authenticated attacker with low-level privileges can exploit this through the OrderDirective component. This allows for the extraction of sensitive information...

5.9AI score0.00241EPSS
Exploits0References4
CVE
CVE
added 2026/05/29 12:0 a.m.30 views

CVE-2026-39229

Bolt CMS up to version 3.7.0 is affected by an SQL Injection in the order parameter of content listing pages, exploitable by an authenticated attacker with low privileges via the OrderDirective component. This can lead to extraction of sensitive information. The CVSS 3.1 base score is 6.5 (Medium...

6.5CVSS5.9AI score0.00241EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/27 4:13 a.m.5 views

SUSE CVE-2023-46575

A SQL injection vulnerability exists in Meshery prior to version v0.6.179, enabling a remote attacker to retrieve sensitive information and execute arbitrary code through the “order” parameter...

9.8CVSS7.7AI score0.01276EPSS
Exploits0References3
NVD
NVD
added 2026/05/20 2:16 a.m.16 views

CVE-2026-8685

The Infility Global plugin for WordPress is vulnerable to SQL Injection via the 'orderby' and 'order' parameters in all versions up to, and including, 2.15.16. This is due to insufficient escaping on user supplied parameters and lack of sufficient preparation on the existing SQL query within the...

6.5CVSS0.00359EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/20 1:25 a.m.8 views

CVE-2026-8685

The Infility Global plugin for WordPress is vulnerable to SQL Injection via the 'orderby' and 'order' parameters in all versions up to, and including, 2.15.16. This is due to insufficient escaping on user supplied parameters and lack of sufficient preparation on the existing SQL query within the...

6.5CVSS5.9AI score0.00359EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/20 1:25 a.m.10 views

CVE-2026-8685 Infility Global <= 2.15.16 - Authenticated (Subscriber+) SQL Injection via 'orderby' Parameter

The Infility Global plugin for WordPress is vulnerable to SQL Injection via the 'orderby' and 'order' parameters in all versions up to, and including, 2.15.16. This is due to insufficient escaping on user supplied parameters and lack of sufficient preparation on the existing SQL query within the...

6.5CVSS5.9AI score0.00359EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/20 1:25 a.m.12 views

EUVD-2026-31020

The Infility Global plugin for WordPress is vulnerable to SQL Injection via the 'orderby' and 'order' parameters in all versions up to, and including, 2.15.16. This is due to insufficient escaping on user supplied parameters and lack of sufficient preparation on the existing SQL query within the...

6.5CVSS5.9AI score0.00359EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.7 views

WordPress plugin Infility Global SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.5CVSS5.9AI score0.00359EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.10 views

PT-2026-42085

Name of the Vulnerable Software and Affected Versions Infility Global versions prior to 2.15.17 Description The Infility Global plugin for WordPress contains a flaw allowing authenticated attackers with Subscriber-level access and above to extract sensitive information from the database. This...

6.5CVSS5.9AI score0.00359EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/13 9:26 a.m.8 views

CVE-2026-4798

The Avada Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘productorder’ parameter in all versions up to, and including, 3.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

7.5CVSS5.9AI score0.00511EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/13 9:26 a.m.49 views

CVE-2026-4798 Avada Builder <= 3.15.1 - Unauthenticated SQL Injection via 'product_order' Parameter

The Avada Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘productorder’ parameter in all versions up to, and including, 3.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

7.5CVSS0.00511EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.10 views

FilePress 注入漏洞

FilePress is a file-driven website building system developed by zyx0814. It supports cloud storage management and multi-mode file display. Versions of FilePress 2.2.0 and earlier had an injection vulnerability. This vulnerability stemmed from improper handling of the order parameter in the Shares...

7.5CVSS7.2AI score0.00272EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/03 12:0 a.m.10 views

youlai-boot 注入漏洞

Youlai-Boot is a permission management system open source by Youlaiorg in China. Versions of Youlai-Boot 2.21.1 and earlier had a injection vulnerability. This vulnerability originated from the function getUserList in the Users Endpoint component’s file...

6.5CVSS6.7AI score0.00246EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/13 7:24 p.m.5 views

CVE-2026-5207

The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 9.2.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

6.5CVSS6AI score0.00372EPSS
Exploits0References1
Rows per page
Query Builder