Lucene search
K

349 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-5588

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00501EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-53590

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00475EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-35262

Malicious code in bioql PyPI...

9.8CVSS9.4AI score0.01455EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-5500

Malicious code in bioql PyPI...

9.8CVSS8.6AI score0.01656EPSS
Exploits2References9
RedhatCVE
RedhatCVE
added 2025/09/13 7:25 a.m.11 views

CVE-2025-9451

The Smartcat Translator for WPML plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 3.1.72 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

6.5CVSS5.9AI score0.00287EPSS
Exploits0References1
NVD
NVD
added 2025/09/11 8:15 a.m.26 views

CVE-2025-9451

The Smartcat Translator for WPML plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 3.1.72 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

6.5CVSS0.00287EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/09/11 7:24 a.m.12 views

CVE-2025-9451 Smartcat Translator for WPML <= 3.1.72 - Authenticated (Author+) SQL Injection via orderby Parameter

The Smartcat Translator for WPML plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 3.1.72 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

6.5CVSS0.00287EPSS
Exploits0References4
CVE
CVE
added 2025/09/11 7:24 a.m.28 views

CVE-2025-9451

The CVE relates to the WordPress plugin Smartcat Translator for WPML. It describes a time-based SQL injection via the orderby parameter in all versions up to 3.1.69, caused by insufficient escaping of user input and inadequate preparation of the SQL query. The vulnerability requires authenticatio...

6.5CVSS5.9AI score0.00287EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/09/11 7:24 a.m.3 views

CVE-2025-9451 Smartcat Translator for WPML <= 3.1.72 - Authenticated (Author+) SQL Injection via orderby Parameter

The Smartcat Translator for WPML plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 3.1.72 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

6.5CVSS5.9AI score0.00287EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/09/11 12:0 a.m.8 views

PT-2025-37143

The Smartcat Translator for WPML plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 3.1.69 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

6.5CVSS6.6AI score0.00287EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2025/07/10 12:0 a.m.150 views

📄 WordPress Events Manager 7.0.3 SQL Injection

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the orderby parameter in all versions up to, and including, 7.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

7.5CVSS8AI score0.55683EPSS
Exploits2
OSV
OSV
added 2025/07/09 11:15 p.m.4 views

CVE-2025-6970

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 7.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

7.5CVSS5.8AI score0.55683EPSS
Exploits2References3
CNNVD
CNNVD
added 2025/07/09 12:0 a.m.15 views

WordPress plugin Events Manager SQL注入漏洞

WordPress Events Manager plugin is a full-featured event management tool that supports event registration, ticket sales, booking management and recurring event settings. The WordPress Events Manager plugin suffers from a SQL injection vulnerability that stems from the plugin's failure to adequate...

7.5CVSS7.5AI score0.55683EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2025/05/23 7:10 a.m.11 views

CVE-2024-57437

RuoYi v4.8.0 was discovered to contain a SQL injection vulnerability via the orderby parameter at /monitor/online/list...

6.5CVSS6.8AI score0.00475EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:40 a.m.3 views

CVE-2023-0254

The Simple Membership WP user Import plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter. This makes it possible for authenticated attackers with administrative privileges...

7.2CVSS6.6AI score0.0088EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:19 a.m.7 views

CVE-2023-3023

The WP EasyCart plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in versions up to, and including, 5.4.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.2CVSS6.6AI score0.00707EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:47 p.m.9 views

CVE-2022-30047

Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/listExcludeApp URI via orderBy parameter...

9.8CVSS8.3AI score0.01455EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:36 p.m.8 views

CVE-2022-27466

MCMS v5.2.27 was discovered to contain a SQL injection vulnerability in the orderBy parameter at /dict/list.do...

9.8CVSS8.3AI score0.01603EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:3 p.m.3 views

CVE-2021-24728

The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages...

8.8CVSS7.4AI score0.01713EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:24 p.m.5 views

CVE-2021-24877

The MainWP Child WordPress plugin before 4.1.8 does not validate the orderby and order parameter before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users such as admin when the Backup and Staging by WP Time Capsule plugin is installed...

7.2CVSS7.8AI score0.01238EPSS
Exploits2References1
Rows per page
Query Builder