CVE-2025-68857
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ichurakov Paid Downloads paid-downloads allows Blind SQL Injection. This issue affects Paid Downloads: from n/a through <= 3.15...
CVE-2025-68857 WordPress Paid Downloads plugin <= 3.15 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ichurakov Paid Downloads paid-downloads allows Blind SQL Injection. This issue affects Paid Downloads: from n/a through <= 3.15...
CVE-2025-68857
CVE-2025-68857 concerns WordPress’s Paid Downloads plugin (versions <= 3.15). The flaw is an unauthenticated blind SQL Injection caused by improper neutralization of elements in SQL queries, enabling manipulation/exfiltration of database data. The CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:N/S:C/C:H/...
WordPress plugin Paid Downloads has a SQL injection vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-4087
Name of the Vulnerable Software and Affected Versions: ichurakov Paid Downloads versions through 3.15. Description: A flaw exists in ichurakov Paid Downloads that allows for Blind SQL Injection due to improper neutralization of special elements used in an SQL command. This issue could potentially...
WordPress Paid Downloads plugin <= 3.15 - SQL Injection vulnerability
SQL Injection vulnerability discovered by 0xVenus in WordPress Plugin Paid Downloads versions <= 3.15...
CVE-2025-48102
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in gourl GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership gourl-bitcoin-payment-gateway-paid-downloads-membership allows Stored XSS. This issue affects GoUrl Bitcoin Payment Gateway & Paid...
CVE-2025-48102 WordPress GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership plugin <= 1.6.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in gourl GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership gourl-bitcoin-payment-gateway-paid-downloads-membership allows Stored XSS. This issue affects GoUrl Bitcoin Payment Gateway & Paid...
WordPress GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership plugin <= 1.6.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Nabil Irawan (Patchstack Alliance) in WordPress Plugin GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership versions <= 1.6.6...
WordPress Zarinpal Paid Downloads plugin <= 2.3 - Admin+ Arbitrary File Upload vulnerability
Admin+ Arbitrary File Upload vulnerability discovered by Bob Matyas in WordPress Plugin Zarinpal Paid Download versions <= 2.3...
CVE-2024-13544 Zarinpal Paid Downloads <= 2.3 - Admin+ Arbitrary File Upload
The Zarinpal Paid Download WordPress plugin through 2.3 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)...
CVE-2024-13543 Zarinpal Paid Downloads <= 2.3 - Reflected XSS
The Zarinpal Paid Download WordPress plugin through 2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
GoUrl Bitcoin Payment Gateway < 1.4.14 - Shell Upload
The GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership WordPress plugin was affected by a Shell Upload security vulnerability...
Paid Downloads <= 2.01 - SQL Injection
The Paid Downloads WordPress plugin was affected by a SQL Injection security vulnerability...
WordPress Paid Downloads plugin <= 2.01 SQL Injection Vulnerability
No description provided by source. Exploit Title: WordPress Paid Downloads plugin <= 2.01 SQL Injection Vulnerability Date: 2011-09-07 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/paid-downloads.2.01.zip Version: 2.01 tested...
WordPress Plugin Auctions 1.8.8 - 'wpa_id' SQL Injection
source: https://www.securityfocus.com/bid/49625/info Auctions plug-in for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application,...