EUVD-2026-23190

The Accessibility Suite by Ability, Inc plugin for WordPress is vulnerable to SQL Injection via the 'scanid' parameter in all versions up to, and including, 4.20. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVE-2026-3773

The Accessibility Suite by Ability, Inc plugin for WordPress is vulnerable to SQL Injection via the 'scanid' parameter in all versions up to, and including, 4.20. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVE-2026-3599

The Riaxe Product Customizer plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter keys within 'productdata' of the /wp-json/InkXEProductDesignerLite/add-item-to-cart REST API endpoint in all versions up to, and including, 2.1.2. This is due to insufficient escaping on t...

CVE-2026-3773 Accessibility Suite by Ability, Inc <= 4.20 - Authenticated (Subscriber+) SQL Injection via 'scan_id' Parameter

The Accessibility Suite by Ability, Inc plugin for WordPress is vulnerable to SQL Injection via the 'scanid' parameter in all versions up to, and including, 4.20. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVE-2026-3773

CVE-2026-3773 : The Accessibility Suite by Ability, Inc plugin for WordPress is vulnerable to an SQL Injection via the 'scan_id' parameter in all versions up to and including 4.20 . The root cause is insufficient escaping of user input and inadequate preparation of the existing SQL query. This ca...

CVE-2026-3773

The Accessibility Suite by Ability, Inc plugin for WordPress is vulnerable to SQL Injection via the 'scanid' parameter in all versions up to, and including, 4.20. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVE-2026-3599 Riaxe Product Customizer <= 2.1.2 - Unauthenticated SQL Injection via 'options' Parameter Keys in product_data

The Riaxe Product Customizer plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter keys within 'productdata' of the /wp-json/InkXEProductDesignerLite/add-item-to-cart REST API endpoint in all versions up to, and including, 2.1.2. This is due to insufficient escaping on t...

CVE-2026-3599

The Riaxe Product Customizer plugin for WordPress is affected by an SQL Injection in the /wp-json/InkXEProductDesignerLite/add-item-to-cart endpoint. The vulnerability involves SQL injection via the keys of the 'options' parameter within 'product_data' for all versions up to 2.1.2. Root cause: in...

CVE-2026-37342

SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/viewparkeddetails.php...

SourceCodester Simple Music Cloud Community System 安全漏洞

SourceCodester Simple Music Cloud Community System is an open-source simple music cloud community system developed by SourceCodester. Version 1.0 of the SourceCodester Simple Music Cloud Community System contains a security vulnerability, which stems from the file /music/viewplaylist.php being...

SourceCodester Simple Music Cloud Community System 安全漏洞

SourceCodester Simple Music Cloud Community System is an open-source simple music cloud community system developed by SourceCodester. Version 1.0 of the SourceCodester Simple Music Cloud Community System contains a security vulnerability, which stems from the file /music/viewuser.php being...

CVE-2026-37340

SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/editmusic.php...

WordPress plugin Accessibility Suite by Ability, Inc 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. The WordPre...

CVE-2026-37344

SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/managelocation.php...

PT-2026-33351

DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQL injection vulnerability in the dataset export functionality. The expressionTree parameter in POST /de2api/datasetTree/exportDataset is deserialized into a filtering object and passed to...

PT-2026-33330

Name of the Vulnerable Software and Affected Versions SourceCodester Simple Music Cloud Community System version 1.0 Description An issue exists in the file '/music/edit music.php' that allows for SQL Injection, a technique where malicious SQL statements are inserted into entry fields for executi...

CVE-2026-37342

SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/viewparkeddetails.php...

CVE-2026-37342

CVE-2026-37342 affects SourceCodester Vehicle Parking Area Management System v1.0. Multiple connected sources confirm an SQL Injection vulnerability in the file /parking/view_parked_details.php. The underlying cause is unsafely constructed SQL queries in that endpoint, enabling potential data dis...

CVE-2026-37347

CVE-2026-37347 affects SourceCodester Payroll Management and Information System v1.0, with a vulnerability described as an SQL Injection in the file /payroll/view_employee.php. The provided documents do not specify impact, exploit details, affected versions beyond v1.0, or remediation steps. The ...

CVE-2026-37341

CVE-2026-37341 affects SourceCodester Vehicle Parking Area Management System v1.0, with a SQL Injection flaw in /parking/manage_category.php caused by improper input handling in the category management logic. Documented impacts indicate high severity (C/H, I/H, A/H) per CVSS 3.1 and potential dat...