20 matches found
WordPress ProjectList plugin SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. The WordPress ProjectList plugin suffers from a SQL injection vulnerability that stems from insufficient cleaning and escaping of parameter ids, which can be exploited by a...
WordPress ProjectList plugin arbitrary file upload vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An arbitrary file upload vulnerability exists in the WordPress ProjectList plugin, which stems from a lack of file type validation and can be exploited by an attacker to cause...
CVE-2025-13370
The ProjectList plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 0.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-13376
The ProjectList plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 0.3.0. This makes it possible for authenticated attackers, with Editor-level access and above, to upload arbitrary files on the affected site's...
CVE-2025-13376
The ProjectList plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 0.3.0. This makes it possible for authenticated attackers, with Editor-level access and above, to upload arbitrary files on the affected site's...
CVE-2025-13370
The ProjectList plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 0.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
WordPress ProjectList plugin <= 0.3.0 - Authenticated (Editor+) Arbitrary File Upload vulnerability
Authenticated Editor+ Arbitrary File Upload vulnerability discovered by Ivan Cese in WordPress Plugin ProjectList versions = 0.3.0...
CVE-2025-13370 ProjectList <= 0.3.0 - Authenticated (Editor+) SQL Injection via 'id' Parameter
The ProjectList plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 0.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-13370
CVE-2025-13370 (WordPress ProjectList plugin) is a time-based SQL Injection affecting the ProjectList plugin for WordPress in versions up to and including 0.3.0. The root cause is insufficient escaping of the id parameter and inadequate preparation of the existing SQL query, enabling authenticate...
EUVD-2025-199566
The ProjectList plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 0.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-13370 ProjectList <= 0.3.0 - Authenticated (Editor+) SQL Injection via 'id' Parameter
The ProjectList plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 0.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-13376 ProjectList <= 0.3.0 - Authenticated (Editor+) Arbitrary File Upload
The ProjectList plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 0.3.0. This makes it possible for authenticated attackers, with Editor-level access and above, to upload arbitrary files on the affected site's...
CVE-2025-13376
The CVE-2025-13376 entry concerns the WordPress ProjectList plugin with versions up to 0.3.0, where missing file-type validation allows authenticated users with Editor-level access or higher to upload arbitrary files to the server. This vulnerability potentially enables remote code execution. Pub...
CVE-2025-13376 ProjectList <= 0.3.0 - Authenticated (Editor+) Arbitrary File Upload
The ProjectList plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 0.3.0. This makes it possible for authenticated attackers, with Editor-level access and above, to upload arbitrary files on the affected site's...
EUVD-2025-199577
The ProjectList plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 0.3.0. This makes it possible for authenticated attackers, with Editor-level access and above, to upload arbitrary files on the affected site's...
WordPress ProjectList plugin <= 0.3.0 - Authenticated (Editor+) SQL Injection via 'id' Parameter vulnerability
Authenticated Editor+ SQL Injection via 'id' Parameter vulnerability discovered by Ivan Cese in WordPress Plugin ProjectList versions = 0.3.0...
PT-2025-48004
The ProjectList plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 0.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
WordPress plugin ProjectList SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. The WordPress ProjectList plugin suffers from a SQL injection vulnerability that stems from insufficient cleaning and escaping of parameter ids, which can be exploited by a...
WordPress plugin ProjectList 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An arbitrary file upload vulnerability exists in the WordPress ProjectList plugin, which stems from a lack of file type validation and can be exploited by an attacker to cause...
PT-2025-48005
Name of the Vulnerable Software and Affected Versions ProjectList versions prior to 0.3.1 Description The ProjectList plugin for WordPress is susceptible to unauthorized file uploads because of inadequate file type validation. This allows attackers with Editor-level access or higher to upload...