349 matches found
EUVD-2025-5588
Malicious code in bioql PyPI...
EUVD-2024-53590
Malicious code in bioql PyPI...
EUVD-2022-35262
Malicious code in bioql PyPI...
EUVD-2022-5500
Malicious code in bioql PyPI...
CVE-2025-9451
The Smartcat Translator for WPML plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 3.1.72 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2025-9451
The Smartcat Translator for WPML plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 3.1.72 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2025-9451 Smartcat Translator for WPML <= 3.1.72 - Authenticated (Author+) SQL Injection via orderby Parameter
The Smartcat Translator for WPML plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 3.1.72 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2025-9451
The CVE relates to the WordPress plugin Smartcat Translator for WPML. It describes a time-based SQL injection via the orderby parameter in all versions up to 3.1.69, caused by insufficient escaping of user input and inadequate preparation of the SQL query. The vulnerability requires authenticatio...
CVE-2025-9451 Smartcat Translator for WPML <= 3.1.72 - Authenticated (Author+) SQL Injection via orderby Parameter
The Smartcat Translator for WPML plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 3.1.72 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
PT-2025-37143
The Smartcat Translator for WPML plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 3.1.69 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
📄 WordPress Events Manager 7.0.3 SQL Injection
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the orderby parameter in all versions up to, and including, 7.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2025-6970
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 7.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
WordPress plugin Events Manager SQL注入漏洞
WordPress Events Manager plugin is a full-featured event management tool that supports event registration, ticket sales, booking management and recurring event settings. The WordPress Events Manager plugin suffers from a SQL injection vulnerability that stems from the plugin's failure to adequate...
CVE-2024-57437
RuoYi v4.8.0 was discovered to contain a SQL injection vulnerability via the orderby parameter at /monitor/online/list...
CVE-2023-0254
The Simple Membership WP user Import plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter. This makes it possible for authenticated attackers with administrative privileges...
CVE-2023-3023
The WP EasyCart plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in versions up to, and including, 5.4.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2022-30047
Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/listExcludeApp URI via orderBy parameter...
CVE-2022-27466
MCMS v5.2.27 was discovered to contain a SQL injection vulnerability in the orderBy parameter at /dict/list.do...
CVE-2021-24728
The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages...
CVE-2021-24877
The MainWP Child WordPress plugin before 4.1.8 does not validate the orderby and order parameter before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users such as admin when the Backup and Staging by WP Time Capsule plugin is installed...