105 matches found
WCAPF WooCommerce Ajax Product Filter - SQL Injection
WCAPF WooCommerce Ajax Product Filter = 4.2.3 contains a time-based SQL injection caused by insufficient escaping of the 'post-author' parameter, letting unauthenticated attackers extract sensitive database information remotely. id: CVE-2026-3396 info: name: WCAPF WooCommerce Ajax Product Filter ...
CVE-2026-57643
Contributor SQL Injection in WP Post Author = 3.9.1 versions...
CVE-2026-57643 WordPress WP Post Author plugin <= 3.9.1 - SQL Injection vulnerability
Contributor SQL Injection in WP Post Author = 3.9.1 versions...
CVE-2026-57643
WP Post Author plugin for WordPress, versions
EUVD-2026-39758
Contributor SQL Injection in WP Post Author = 3.9.1 versions...
WordPress WP Post Author plugin <= 3.9.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by hhhai in WordPress Plugin WP Post Author versions = 3.9.1...
CVE-2026-3396
WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the 'post-author' parameter in all versions up to, and including, 4.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...
CVE-2026-6275
The StatCounter – Free Real Time Visitor Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.1 This is due to insufficient output escaping on the post author's nickname in the statcounteraddToTags function. The function is hooked to wphead...
WordPress plugin Timetable and Event Schedule by MotoPress 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2026-7385 Decent Comments < 3.0.2 - Unauthenticated Email Address Disclosure
The Decent Comments WordPress plugin before 3.0.2 does not restrict access to comment author email addresses and post author email addresses via its REST API endpoint, allowing unauthenticated attackers to enumerate registered user email addresses...
CVE-2026-7385
The Decent Comments WordPress plugin (prior to version 3.0.2) exposes comment author and post author email addresses via its REST API without access restrictions, enabling unauthenticated users to enumerate registered email addresses. Root cause: insufficient access controls on the REST endpoint....
WordPress WP Post Author – Author Box, Multiple Authors, Guest Authors & Custom Avatars plugin <= 3.8.3 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin WP Post Author versions = 3.8.3...
CVE-2026-40229
Helpy contains a stored cross-site scripting vulnerability in the post author display logic. Any registered user can persist arbitrary HTML in their account name field and cause it to be rendered unescaped in public forum threads where they participate, in the admin ticket view, and in HTML...
EUVD-2026-26244
Helpy contains a stored cross-site scripting vulnerability in the post author display logic. Any registered user can persist arbitrary HTML in their account name field and cause it to be rendered unescaped in public forum threads where they participate, in the admin ticket view, and in HTML...
CVE-2026-40229 Helpy 2.8.0 - Stored XSS in post author display via PostsHelper
Helpy contains a stored cross-site scripting vulnerability in the post author display logic. Any registered user can persist arbitrary HTML in their account name field and cause it to be rendered unescaped in public forum threads where they participate, in the admin ticket view, and in HTML...
Helpy 跨站脚本漏洞
Helpy is an open-source customer support application developed by the American company Helpy. This program includes features such as a knowledge base, community discussions, and email support. Version 2.8.0 of Helpy contains a cross-site scripting vulnerability, which stems from the storage-based...
EUVD-2026-20453
WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the 'post-author' parameter in all versions up to, and including, 4.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...
CVE-2026-3396
WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the 'post-author' parameter in all versions up to, and including, 4.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...
CVE-2026-3396 WCAPF – WooCommerce Ajax Product Filter <= 4.2.3 - Unauthenticated Time-Based SQL Injection
WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the 'post-author' parameter in all versions up to, and including, 4.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...
CVE-2026-3396
WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the 'post-author' parameter in all versions up to, and including, 4.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...