36 matches found

Vulnrichment
added 2026/05/22 2:28 a.m. | 3 views

CVE-2026-4834 WP ERP Pro <= 1.5.1 - Unauthenticated SQL Injection via 'search_key' Parameter

The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'search_key' parameter in all versions up to, and including, 1.5.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...

CVSS 7.5 | AI score 5.9 | EPSS 0.00084
Exploits 0 | References 2

ATTACKERKB
added 2026/05/22 2:28 a.m. | 1 view

CVE-2026-4834

The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'search_key' parameter in all versions up to, and including, 1.5.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...

CVSS 7.5 | AI score 5.9 | EPSS 0.00084
Exploits 0 | References 3

EUVD
added 2026/05/22 2:28 a.m. | 4 views

EUVD-2026-31391

The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'search_key' parameter in all versions up to, and including, 1.5.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...

CVSS 7.5 | AI score 5.9 | EPSS 0.00084
Exploits 0 | References 2

Cvelist
added 2026/05/22 2:28 a.m. | 34 views

CVE-2026-4834 WP ERP Pro <= 1.5.1 - Unauthenticated SQL Injection via 'search_key' Parameter

The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'search_key' parameter in all versions up to, and including, 1.5.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...

CVSS 7.5 | EPSS 0.00084
Exploits 0 | References 2

CVE
added 2026/05/22 2:28 a.m. | 11 views

CVE-2026-4834

The CVE-2026-4834 entry concerns the WP ERP Pro plugin for WordPress, affected up to version 1.5.1. The vulnerability is a SQL Injection via the 'search_key' parameter due to insufficient escaping and lack of proper query preparation. This allows unauthenticated attackers to append additional SQL...

CVSS 7.5 | AI score 5.9 | EPSS 0.00084
Exploits 0 | References 2

CNNVD
added 2026/05/22 12:00 a.m. | 5 views

WordPress plugin WP ERP Pro SQL injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 7.5 | AI score 5.9 | EPSS 0.00084
Exploits 0 | References 2

Positive Technologies
added 2026/05/22 12:00 a.m. | 4 views

PT-2026-42719

Name of the Vulnerable Software and Affected Versions: WP ERP Pro versions prior to 1.5.2. Description: The WP ERP Pro plugin for WordPress contains a flaw allowing unauthenticated attackers to append additional SQL queries to existing ones. This is caused by insufficient escaping of the user-suppli...

CVSS 7.5 | AI score 5.9 | EPSS 0.00084
Exploits 0 | References 6

NVD
added 2026/03/06 1:15 p.m. | 2 views

CVE-2018-25176

Alive Parish 2.0.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the key parameter in the search endpoint. Attackers can also upload arbitrary files via the person photo upload functionality to th...

CVSS 8.8 | EPSS 0.00079
Exploits 0 | References 2

CVE
added 2026/03/06 12:19 p.m. | 6 views

CVE-2018-25176

CVE-2018-25176 affects Alive Parish 2.0.4. The advisory documents an unauthenticated SQL injection via the key parameter in the search endpoint and an arbitrary file upload through the person photo upload feature that can lead to remote code execution, with CVSS scores indicating HIGH severity (C...

CVSS 8.8 | AI score 6.3 | EPSS 0.00079
Exploits 0 | References 2

ATTACKERKB
added 2026/03/06 12:19 p.m. | 1 view

CVE-2018-25176

Alive Parish 2.0.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the key parameter in the search endpoint. Attackers can also upload arbitrary files via the person photo upload functionality to th...

CVSS 8.8 | AI score 6.3 | EPSS 0.00079
Exploits 0 | References 2 | Affected Software 1

RedhatCVE
added 2025/12/22 3:23 a.m. | 2 views

CVE-2025-12398

The Product Table for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search_key' parameter in all versions up to, and including, 5.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...

CVSS 6.1 | AI score 5.6 | EPSS 0.00106
Exploits 0 | References 1

EUVD
added 2025/12/21 6:31 a.m. | 1 view

EUVD-2025-204661

The Product Table for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search_key' parameter in all versions up to, and including, 5.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...

CVSS 6.1 | AI score 5.2 | EPSS 0.00106
Exploits 0 | References 3

NVD
added 2025/12/21 4:16 a.m. | 2 views

CVE-2025-12398

The Product Table for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search_key' parameter in all versions up to, and including, 5.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...

CVSS 6.1 | EPSS 0.00106
Exploits 0 | References 2

Cvelist
added 2025/12/21 3:20 a.m. | 12 views

CVE-2025-12398 Product Table for WooCommerce <= 5.0.8 - Reflected Cross-Site Scripting

The Product Table for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search_key' parameter in all versions up to, and including, 5.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...

CVSS 6.1 | EPSS 0.00106
Exploits 0 | References 2

CVE
added 2025/12/21 3:20 a.m. | 15 views

CVE-2025-12398

CVE-2025-12398 affects the WordPress plugin “Product Table for WooCommerce.” The vulnerability is a Reflected Cross-Site Scripting via the search_key parameter. It affects all versions up to 5.0.8 due to insufficient input sanitization and output escaping. The provided Connected documents confirm...

CVSS 6.1 | AI score 5.3 | EPSS 0.00106
Exploits 0 | References 2

Positive Technologies
added 2025/12/21 12:00 a.m. | 3 views

PT-2025-52579

Name of the Vulnerable Software and Affected Versions: Product Table for WooCommerce plugin versions prior to 5.0.9. Description: The Product Table for WooCommerce plugin is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows...

CVSS 6.1 | AI score 6.1 | EPSS 0.00106
Exploits 0 | References 7

CNNVD
added 2025/12/21 12:00 a.m. | 2 views

WordPress plugin Product Table for WooCommerce cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.1 | AI score 6 | EPSS 0.00106
Exploits 0 | References 3

RedhatCVE
added 2025/05/23 8:28 a.m. | 0 views

CVE-2024-48283

Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to SQL Injection in /admin//search-result.php via the searchkey parameter...

CVSS 9.8 | AI score 6 | EPSS 0.00112
Exploits 1 | References 1

Vulnrichment
added 2024/05/19 10:10 a.m. | 18 views

CVE-2024-35936 btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()

In the Linux kernel, the following vulnerability has been resolved: btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() The unhandled case in btrfs_relocate_sys_chunks() loop is a corruption, as it could be caused only by two impossible conditions: - at first the search key is set up to lo...

AI score 6.6 | EPSS 0.00023
Exploits 0 | References 8

OSV
added 2024/02/29 1:43 a.m. | 0 views

CVE-2024-1317

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to SQL Injection via the ‘searchkey’ parameter in all versions up to, and including, 4.4.2 due to insufficient escaping on the user supplied parameter and lack of...

CVSS 8.8 | AI score 5.9
Exploits 0 | References 3