Lucene search
K

175 matches found

Cvelist
Cvelist
added 2025/10/24 8:23 a.m.12 views

CVE-2025-10748 RapidResult <= 1.2 - Authenticated (Contributor+) SQL Injection

The RapidResult plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in all versions up to, and including, 1.2. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

6.5CVSS0.00271EPSS
Exploits0References3
CVE
CVE
added 2025/10/24 8:23 a.m.30 views

CVE-2025-10748

CVE-2025-10748 affects the RapidResult WordPress plugin. It allows SQL Injection via the s parameter in all versions up to and including 1.2. The vulnerability arises from insufficient escaping of user input and inadequate preparation of the SQL query, enabling authenticated attackers with contri...

6.5CVSS6.2AI score0.00271EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/10/24 12:0 a.m.7 views

PT-2025-43587

Name of the Vulnerable Software and Affected Versions RapidResult plugin for WordPress versions up to and including 1.2 Description The RapidResult plugin for WordPress is susceptible to SQL Injection due to insufficient escaping of user-supplied input and inadequate preparation of existing SQL...

6.5CVSS6.7AI score0.00271EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-22100

Malware in sbrugna...

9.8CVSS9.2AI score0.02447EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/09/14 2:27 a.m.8 views

CVE-2025-9807

The The Events Calendar plugin for WordPress is vulnerable to time-based SQL Injection via the ‘s’ parameter in all versions up to, and including, 6.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...

7.5CVSS6.8AI score0.00324EPSS
Exploits0References1
NVD
NVD
added 2025/09/12 2:15 a.m.8 views

CVE-2025-9807

The The Events Calendar plugin for WordPress is vulnerable to time-based SQL Injection via the ‘s’ parameter in all versions up to, and including, 6.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...

7.5CVSS0.00324EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/11 12:0 a.m.7 views

PT-2025-37274

Name of the Vulnerable Software and Affected Versions: The Events Calendar plugin for WordPress versions through 6.15.1 Description: The Events Calendar plugin for WordPress is susceptible to a time-based SQL Injection issue due to insufficient escaping of user-supplied parameters and inadequate...

7.8CVSS5.9AI score0.00324EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2025/09/08 3:12 a.m.13 views

CVE-2025-9085

The User Registration & Membership plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in version 4.3.0. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...

4.9CVSS6.9AI score0.00317EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/06 11:25 a.m.7 views

CVE-2025-41063

A vulnerability has been discovered in version 4.0.5 of appRain CMF, consisting of an authenticated reflected XSS due to a lack of proper validation of user input, through the 's' parameter in /apprain/developer/debug-log/db...

5.4CVSS6.2AI score0.00162EPSS
Exploits0References1
NVD
NVD
added 2025/09/06 3:15 a.m.7 views

CVE-2025-9085

The User Registration & Membership plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in version 4.3.0. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...

4.9CVSS0.00317EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/09/06 2:24 a.m.5 views

CVE-2025-9085 User Registration & Membership <= 4.3.0 - Authenticated (Admin+) SQL Injection

The User Registration & Membership plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in version 4.3.0. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...

4.9CVSS6.4AI score0.00317EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/09/06 2:24 a.m.15 views

CVE-2025-9085 User Registration & Membership <= 4.3.0 - Authenticated (Admin+) SQL Injection

The User Registration & Membership plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in version 4.3.0. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...

4.9CVSS0.00317EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/09/06 12:0 a.m.10 views

PT-2025-36351

Name of the Vulnerable Software and Affected Versions: User Registration & Membership plugin for WordPress version 4.3.0 Description: The User Registration & Membership plugin for WordPress is susceptible to SQL Injection via the s parameter. This is due to insufficient escaping of user-supplied...

4.9CVSS6.8AI score0.00317EPSS
Exploits0References8
OSV
OSV
added 2025/09/04 12:15 p.m.5 views

CVE-2025-41063

A vulnerability has been discovered in version 4.0.5 of appRain CMF, consisting of an authenticated reflected XSS due to a lack of proper validation of user input, through the 's' parameter in /apprain/developer/debug-log/db...

5.4CVSS5.7AI score0.00162EPSS
Exploits0References1
NVD
NVD
added 2025/09/04 12:15 p.m.6 views

CVE-2025-41063

A vulnerability has been discovered in version 4.0.5 of appRain CMF, consisting of an authenticated reflected XSS due to a lack of proper validation of user input, through the 's' parameter in /apprain/developer/debug-log/db...

5.4CVSS0.00162EPSS
Exploits0References1
Snyk
Snyk
added 2025/09/04 11:45 a.m.5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the s parameter in /apprain/developer/debug-log/db. An attacker can execute arbitrary scripts in the context of the authenticated user's browser by crafting malicious input. Details Cross-site scripting or X...

5.4CVSS5.5AI score0.00162EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 3:18 a.m.5 views

CVE-2023-23489

The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 & 3.1.0.3, is affected by an unauthenticated SQL injection vulnerability in the 's' parameter of its 'edddownloadsearch' action...

9.8CVSS8.2AI score0.11172EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:37 p.m.4 views

CVE-2021-35458

Online Pet Shop We App 1.0 is vulnerable to Union SQL Injection in products.php aka p=products via the c or s parameter...

9.8CVSS7.3AI score0.02447EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:36 p.m.7 views

CVE-2021-24940

The Persian Woocommerce WordPress plugin through 5.8.0 does not escape the s parameter before outputting it back in an attribute in the admin dashboard, which could lead to a Reflected Cross-Site Scripting issue...

6.1CVSS6.1AI score0.01477EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:31 p.m.3 views

CVE-2021-24979

The Paid Memberships Pro WordPress plugin before 2.6.6 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.7AI score0.01868EPSS
Exploits2References1
Rows per page
Query Builder