20 matches found
CVE-2026-6417
The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failedorders' parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2026-6417 GLS Shipping for WooCommerce <= 1.4.0 - Reflected Cross-Site Scripting via 'failed_orders'
The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failedorders' parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2026-6417 GLS Shipping for WooCommerce <= 1.4.0 - Reflected Cross-Site Scripting via 'failed_orders'
The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failedorders' parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2026-6417
The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failedorders' parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
WordPress plugin GLS Shipping for WooCommerce 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
PT-2026-40874
The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failed orders' parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2026-2495
CVE-2026-2495 (WPNakama) is an unauthenticated SQL Injection in the WordPress plugin WPNakama – Team and multi-Client Collaboration, Editorial and Project Management. Affects versions up to and including 0.6.5, via the order parameter of the /wp-json/WPNakama/v1/boards REST API endpoint. The vuln...
EUVD-2021-24697
Malware in sbrugna...
EUVD-2020-11719
Malware in sbrugna...
CVE-2024-9828
The Taskbuilder WordPress plugin before 3.0.5 does not sanitize user input into the 'loadorders' parameter and uses it in a SQL statement, allowing high privilege users such as admin to perform SQL Injection attacks...
WordPress plugin Taskbuilder 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
PT-2024-39870
Name of the Vulnerable Software and Affected Versions The Taskbuilder WordPress plugin versions prior to 3.0.5 Description The issue allows high privilege users, such as admins, to perform SQL Injection attacks due to the lack of sanitization of user input into the load orders parameter, which is...
CVE-2021-38239
SQL Injection vulnerability in dataease before 1.2.0, allows attackers to gain sensitive information via the orders parameter to /api/sysmsg/list/1/10...
CVE-2021-45788
Time-based SQL Injection vulnerabilities were found in Metersphere v1.15.4 via the "orders" parameter...
Sql injection
Time-based SQL Injection vulnerabilities were found in Metersphere v1.15.4 via the "orders" parameter...
CVE-2021-45788
Time-based SQL Injection vulnerabilities were found in Metersphere v1.15.4 via the "orders" parameter...
CVE-2020-19821
A SQL injection vulnerability in admin.php of DOYOCMS 2.3 allows attackers to execute arbitrary SQL commands via the orders parameter...
Sql injection
A SQL injection vulnerability in admin.php of DOYOCMS 2.3 allows attackers to execute arbitrary SQL commands via the orders parameter...
CVE-2020-19821
A SQL injection vulnerability in admin.php of DOYOCMS 2.3 allows attackers to execute arbitrary SQL commands via the orders parameter...
DOYO SQL注入漏洞
DOYO doyocms is a PHP-based open source content management system CMS. A SQL injection vulnerability exists in admin.php of DOYO CMS 2.3, which can be exploited by an attacker to execute arbitrary SQL commands via the orders parameter...