175 matches found
CVE-2025-10748 RapidResult <= 1.2 - Authenticated (Contributor+) SQL Injection
The RapidResult plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in all versions up to, and including, 1.2. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-10748
CVE-2025-10748 affects the RapidResult WordPress plugin. It allows SQL Injection via the s parameter in all versions up to and including 1.2. The vulnerability arises from insufficient escaping of user input and inadequate preparation of the SQL query, enabling authenticated attackers with contri...
PT-2025-43587
Name of the Vulnerable Software and Affected Versions RapidResult plugin for WordPress versions up to and including 1.2 Description The RapidResult plugin for WordPress is susceptible to SQL Injection due to insufficient escaping of user-supplied input and inadequate preparation of existing SQL...
EUVD-2021-22100
Malware in sbrugna...
CVE-2025-9807
The The Events Calendar plugin for WordPress is vulnerable to time-based SQL Injection via the ‘s’ parameter in all versions up to, and including, 6.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...
CVE-2025-9807
The The Events Calendar plugin for WordPress is vulnerable to time-based SQL Injection via the ‘s’ parameter in all versions up to, and including, 6.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...
PT-2025-37274
Name of the Vulnerable Software and Affected Versions: The Events Calendar plugin for WordPress versions through 6.15.1 Description: The Events Calendar plugin for WordPress is susceptible to a time-based SQL Injection issue due to insufficient escaping of user-supplied parameters and inadequate...
CVE-2025-9085
The User Registration & Membership plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in version 4.3.0. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...
CVE-2025-41063
A vulnerability has been discovered in version 4.0.5 of appRain CMF, consisting of an authenticated reflected XSS due to a lack of proper validation of user input, through the 's' parameter in /apprain/developer/debug-log/db...
CVE-2025-9085
The User Registration & Membership plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in version 4.3.0. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...
CVE-2025-9085 User Registration & Membership <= 4.3.0 - Authenticated (Admin+) SQL Injection
The User Registration & Membership plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in version 4.3.0. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...
CVE-2025-9085 User Registration & Membership <= 4.3.0 - Authenticated (Admin+) SQL Injection
The User Registration & Membership plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in version 4.3.0. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...
PT-2025-36351
Name of the Vulnerable Software and Affected Versions: User Registration & Membership plugin for WordPress version 4.3.0 Description: The User Registration & Membership plugin for WordPress is susceptible to SQL Injection via the s parameter. This is due to insufficient escaping of user-supplied...
CVE-2025-41063
A vulnerability has been discovered in version 4.0.5 of appRain CMF, consisting of an authenticated reflected XSS due to a lack of proper validation of user input, through the 's' parameter in /apprain/developer/debug-log/db...
CVE-2025-41063
A vulnerability has been discovered in version 4.0.5 of appRain CMF, consisting of an authenticated reflected XSS due to a lack of proper validation of user input, through the 's' parameter in /apprain/developer/debug-log/db...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the s parameter in /apprain/developer/debug-log/db. An attacker can execute arbitrary scripts in the context of the authenticated user's browser by crafting malicious input. Details Cross-site scripting or X...
CVE-2023-23489
The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 & 3.1.0.3, is affected by an unauthenticated SQL injection vulnerability in the 's' parameter of its 'edddownloadsearch' action...
CVE-2021-35458
Online Pet Shop We App 1.0 is vulnerable to Union SQL Injection in products.php aka p=products via the c or s parameter...
CVE-2021-24940
The Persian Woocommerce WordPress plugin through 5.8.0 does not escape the s parameter before outputting it back in an attribute in the admin dashboard, which could lead to a Reflected Cross-Site Scripting issue...
CVE-2021-24979
The Paid Memberships Pro WordPress plugin before 2.6.6 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting...