Lucene search
K

345 matches found

Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.10 views

PT-2026-42085

Name of the Vulnerable Software and Affected Versions Infility Global versions prior to 2.15.17 Description The Infility Global plugin for WordPress contains a flaw allowing authenticated attackers with Subscriber-level access and above to extract sensitive information from the database. This...

6.5CVSS5.9AI score0.00359EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.6 views

CVE-2026-7649

The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.0.60 due to insufficient escaping on the user supplied paramete...

7.5CVSS5.9AI score0.00335EPSS
Exploits0References1
NVD
NVD
added 2026/05/02 8:16 a.m.7 views

CVE-2026-7649

The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.0.60 due to insufficient escaping on the user supplied paramete...

7.5CVSS0.00335EPSS
Exploits0References7
CVE
CVE
added 2026/05/02 6:44 a.m.12 views

CVE-2026-7649

ARMember for WordPress (vendor: ARMember plugin) is affected up to version 4.0.60 by a time-based blind SQL injection in the orderby parameter. Root cause: insufficient escaping of the user-supplied orderby value and lack of proper SQL query preparation, enabling unauthenticated attackers to appe...

7.5CVSS5.9AI score0.00335EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/02 6:44 a.m.7 views

CVE-2026-7649 ARMember <= 4.0.60 - Unauthenticated SQL Injection via 'orderby' Parameter

The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.0.60 due to insufficient escaping on the user supplied paramete...

7.5CVSS5.9AI score0.00335EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/02 6:44 a.m.36 views

CVE-2026-7649 ARMember <= 4.0.60 - Unauthenticated SQL Injection via 'orderby' Parameter

The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.0.60 due to insufficient escaping on the user supplied paramete...

7.5CVSS0.00335EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.8 views

PT-2026-36587

Name of the Vulnerable Software and Affected Versions ARMember – Membership Plugin versions prior to 4.0.61 Description The ARMember – Membership Plugin for WordPress is susceptible to time-based blind SQL Injection, a technique where an attacker asks the database true/false questions and...

7.5CVSS5.9AI score0.00335EPSS
Exploits0References13
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.10 views

WordPress plugin ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.5CVSS5.9AI score0.00335EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 2:59 p.m.12 views

CVE-2026-2580

The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 4.9.1 due to insufficient escaping on the user supplied parameter and lack of...

7.5CVSS5.9AI score0.00444EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/24 8:29 a.m.7 views

WordPress WP Maps - Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin <= 4.9.1 - Unauthenticated SQL Injection via 'orderby' Parameter vulnerability

WordPress WP Maps - Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin = 4.9.1 - Unauthenticated SQL Injection via 'orderby' Parameter vulnerability discovered by Chiao-Lin Yu Steven Meow - Trend Micro in WordPress Plugin WP Maps versions = 4.9.1...

7.5CVSS5.9AI score0.00444EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/22 11:24 p.m.1 views

CVE-2026-2580

The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 4.9.1 due to insufficient escaping on the user supplied parameter and lack of...

7.5CVSS5.9AI score0.00444EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/22 11:24 p.m.2 views

CVE-2026-2580 WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters <= 4.9.1 - Unauthenticated SQL Injection via 'orderby' Parameter

The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 4.9.1 due to insufficient escaping on the user supplied parameter and lack of...

7.5CVSS5.9AI score0.00444EPSS
Exploits0References4
CVE
CVE
added 2026/03/22 11:24 p.m.10 views

CVE-2026-2580

The CVE-2026-2580 entry concerns the WP Maps – Store Locator, Google Maps, OpenStreetMap, Mapbox, Listing, Directory & Filters WordPress plugin (up to v4.9.1). The root cause is insufficient escaping and insufficient preparation of an SQL query, enabling time-based SQL Injection via the ‘orderby’...

7.5CVSS5.9AI score0.00444EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/22 11:24 p.m.31 views

CVE-2026-2580 WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters <= 4.9.1 - Unauthenticated SQL Injection via 'orderby' Parameter

The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 4.9.1 due to insufficient escaping on the user supplied parameter and lack of...

7.5CVSS0.00444EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/22 12:0 a.m.3 views

PT-2026-27034

Name of the Vulnerable Software and Affected Versions WP Maps – Store Locator, Google Maps, OpenStreetMap, Mapbox, Listing, Directory & Filters plugin for WordPress versions up to and including 4.9.1 Description The WP Maps plugin for WordPress is susceptible to time-based SQL Injection. This is...

7.5CVSS5.8AI score0.00444EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/01/25 9:16 a.m.10 views

CVE-2026-0806

The WP-ClanWars plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9CVSS5.9AI score0.00371EPSS
Exploits0References1
NVD
NVD
added 2026/01/24 8:16 a.m.6 views

CVE-2026-0806

The WP-ClanWars plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9CVSS0.00371EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/24 7:26 a.m.3 views

CVE-2026-0806 WP-ClanWars <= 2.0.1 - Authenticated (Administrator+) SQL Injection via 'orderby' Parameter

The WP-ClanWars plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9CVSS5.9AI score0.00371EPSS
Exploits0References4
CVE
CVE
added 2026/01/24 7:26 a.m.24 views

CVE-2026-0806

The WP-ClanWars WordPress plugin (

4.9CVSS5.9AI score0.00371EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/24 7:26 a.m.3 views

CVE-2026-0806

The WP-ClanWars plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9CVSS5.9AI score0.00371EPSS
Exploits0References5
Rows per page
Query Builder