Lucene search
K

31 matches found

CNNVD
CNNVD
added 2024/09/12 12:0 a.m.22 views

WordPress plugin LearnPress SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

10CVSS8.5AI score0.63134EPSS
Exploits6References6
BDU FSTEC
BDU FSTEC
added 2024/09/12 12:0 a.m.6 views

The vulnerability of the ConditionalStream::ConditionalStream class (in the ConditionalStream.cpp module) of the “Red Database” database management system allows a attacker to cause a service failure on the server.

The vulnerability of the ConditionalStream::ConditionalStream class in the ConditionalStream.cpp module of the “Red Database” database management system is related to the use of the BETWEEN operator in the WHERE clause during query preparation. Exploiting this vulnerability can allow an attacker ...

6.5CVSS5.5AI score
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/05/16 12:0 a.m.2 views

WordPress plugin Tutor LMS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.8CVSS7.6AI score0.00511EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/04/09 6:58 p.m.11 views

CVE-2024-2342 Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.7 - Authenticated (Contributor+) SQL Injection via Shortcode

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the customerid parameter in all versions up to, and including, 1.6.7.7 due to insufficient escaping on the user supplied parameter and lack of sufficient...

8.8CVSS7.2AI score0.00594EPSS
Exploits0References2
Prion
Prion
added 2024/03/13 4:15 p.m.21 views

Sql injection

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the questionid parameter in all versions up to, and including, 2.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existi...

6.5CVSS7.6AI score0.03135EPSS
Exploits0References3
NVD
NVD
added 2024/02/29 1:43 a.m.39 views

CVE-2024-1317

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to SQL Injection via the ‘searchkey’ parameter in all versions up to, and including, 4.4.2 due to insufficient escaping on the user supplied parameter and lack of...

8.8CVSS8.7AI score0.00714EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/01/11 12:0 a.m.4 views

WordPress Plugin LearnPress Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

9.8CVSS8AI score0.51394EPSS
Exploits1References3
Prion
Prion
added 2023/10/31 9:15 a.m.19 views

Sql injection

The wp image slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4CVSS7.1AI score0.0079EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2023/10/31 9:15 a.m.17 views

Sql injection

The Vertical marquee plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4CVSS7.1AI score0.00797EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2023/10/16 8:15 p.m.2 views

CVE-2023-4776

The School Management System WordPress plugin before 2.2.5 uses the WordPress escsql function on a field not delimited by quotes and did not first prepare the query, leading to a SQL injection exploitable by relatively low-privilege users like Teachers...

8.8CVSS7.4AI score0.00721EPSS
Exploits2References1
Prion
Prion
added 2023/10/16 8:15 p.m.21 views

Sql injection

The School Management System WordPress plugin before 2.2.5 uses the WordPress escsql function on a field not delimited by quotes and did not first prepare the query, leading to a SQL injection exploitable by relatively low-privilege users like Teachers...

6.5CVSS9AI score0.00721EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder