Lucene search
K

340 matches found

CVE
CVE
added 2026/05/02 6:44 a.m.12 views

CVE-2026-7649

ARMember for WordPress (vendor: ARMember plugin) is affected up to version 4.0.60 by a time-based blind SQL injection in the orderby parameter. Root cause: insufficient escaping of the user-supplied orderby value and lack of proper SQL query preparation, enabling unauthenticated attackers to appe...

7.5CVSS5.9AI score0.00335EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.8 views

PT-2026-36587

Name of the Vulnerable Software and Affected Versions ARMember – Membership Plugin versions prior to 4.0.61 Description The ARMember – Membership Plugin for WordPress is susceptible to time-based blind SQL Injection, a technique where an attacker asks the database true/false questions and...

7.5CVSS5.9AI score0.00335EPSS
Exploits0References13
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.9 views

WordPress plugin ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.5CVSS5.9AI score0.00335EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 2:59 p.m.12 views

CVE-2026-2580

The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 4.9.1 due to insufficient escaping on the user supplied parameter and lack of...

7.5CVSS5.9AI score0.00444EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/24 8:29 a.m.7 views

WordPress WP Maps - Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin <= 4.9.1 - Unauthenticated SQL Injection via 'orderby' Parameter vulnerability

WordPress WP Maps - Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin = 4.9.1 - Unauthenticated SQL Injection via 'orderby' Parameter vulnerability discovered by Chiao-Lin Yu Steven Meow - Trend Micro in WordPress Plugin WP Maps versions = 4.9.1...

7.5CVSS5.9AI score0.00444EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/22 11:24 p.m.1 views

CVE-2026-2580

The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 4.9.1 due to insufficient escaping on the user supplied parameter and lack of...

7.5CVSS5.9AI score0.00444EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/22 11:24 p.m.2 views

CVE-2026-2580 WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters <= 4.9.1 - Unauthenticated SQL Injection via 'orderby' Parameter

The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 4.9.1 due to insufficient escaping on the user supplied parameter and lack of...

7.5CVSS5.9AI score0.00444EPSS
Exploits0References4
CVE
CVE
added 2026/03/22 11:24 p.m.10 views

CVE-2026-2580

The CVE-2026-2580 entry concerns the WP Maps – Store Locator, Google Maps, OpenStreetMap, Mapbox, Listing, Directory & Filters WordPress plugin (up to v4.9.1). The root cause is insufficient escaping and insufficient preparation of an SQL query, enabling time-based SQL Injection via the ‘orderby’...

7.5CVSS5.9AI score0.00444EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/22 11:24 p.m.30 views

CVE-2026-2580 WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters <= 4.9.1 - Unauthenticated SQL Injection via 'orderby' Parameter

The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 4.9.1 due to insufficient escaping on the user supplied parameter and lack of...

7.5CVSS0.00444EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/22 12:0 a.m.3 views

PT-2026-27034

Name of the Vulnerable Software and Affected Versions WP Maps – Store Locator, Google Maps, OpenStreetMap, Mapbox, Listing, Directory & Filters plugin for WordPress versions up to and including 4.9.1 Description The WP Maps plugin for WordPress is susceptible to time-based SQL Injection. This is...

7.5CVSS5.8AI score0.00444EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/01/25 9:16 a.m.10 views

CVE-2026-0806

The WP-ClanWars plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9CVSS5.9AI score0.00371EPSS
Exploits0References1
NVD
NVD
added 2026/01/24 8:16 a.m.6 views

CVE-2026-0806

The WP-ClanWars plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9CVSS0.00371EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/24 7:26 a.m.3 views

CVE-2026-0806 WP-ClanWars <= 2.0.1 - Authenticated (Administrator+) SQL Injection via 'orderby' Parameter

The WP-ClanWars plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9CVSS5.9AI score0.00371EPSS
Exploits0References4
CVE
CVE
added 2026/01/24 7:26 a.m.24 views

CVE-2026-0806

The WP-ClanWars WordPress plugin (

4.9CVSS5.9AI score0.00371EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/24 7:26 a.m.35 views

CVE-2026-0806 WP-ClanWars <= 2.0.1 - Authenticated (Administrator+) SQL Injection via 'orderby' Parameter

The WP-ClanWars plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9CVSS0.00371EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/24 7:26 a.m.3 views

CVE-2026-0806

The WP-ClanWars plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9CVSS5.9AI score0.00371EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/01/24 5:38 a.m.11 views

WordPress WP-ClanWars plugin <= 2.0.1 - Authenticated (Administrator+) SQL Injection via 'orderby' Parameter vulnerability

Authenticated Administrator+ SQL Injection via 'orderby' Parameter vulnerability discovered by 0x34rth in WordPress Plugin WP-ClanWars versions = 2.0.1...

4.9CVSS5.8AI score0.00371EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 10:38 a.m.6 views

CVE-2017-12949

lib\modules\contributors\contributorlisttable.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby parameter to wp-admin/admin.php, exploitable through CSRF...

8.8CVSS9AI score0.01109EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:16 a.m.4 views

CVE-2025-13652

The CBX Bookmark & Favorite plugin for WordPress is vulnerable to generic SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS6.5AI score0.01077EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/01/06 7:51 a.m.5 views

WordPress CBX Bookmark & Favorite plugin <= 2.0.4 - Authenticated (Subscriber+) SQL Injection via `orderby` Parameter vulnerability

Authenticated Subscriber+ SQL Injection via orderby Parameter vulnerability discovered by Muhamad Visat in WordPress Plugin CBX Bookmark & Favorite versions = 2.0.4...

6.5CVSS8AI score0.01077EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder