CVE-2026-4834

The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'searchkey' parameter in all versions up to, and including, 1.5.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...

CVE-2026-4834 WP ERP Pro <= 1.5.1 - Unauthenticated SQL Injection via 'search_key' Parameter

The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'searchkey' parameter in all versions up to, and including, 1.5.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...

CVE-2026-4834

The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'searchkey' parameter in all versions up to, and including, 1.5.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...

EUVD-2026-31391

The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'searchkey' parameter in all versions up to, and including, 1.5.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...

CVE-2026-4834 WP ERP Pro <= 1.5.1 - Unauthenticated SQL Injection via 'search_key' Parameter

The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'searchkey' parameter in all versions up to, and including, 1.5.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...

CVE-2026-4834

The CVE-2026-4834 entry concerns the WP ERP Pro plugin for WordPress, affected up to version 1.5.1. The vulnerability is a SQL Injection via the 'search_key' parameter due to insufficient escaping and lack of proper query preparation. This allows unauthenticated attackers to append additional SQL...

WordPress plugin WP ERP Pro SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVE-2018-25176

Alive Parish 2.0.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the key parameter in the search endpoint. Attackers can also upload arbitrary files via the person photo upload functionality to th...

CVE-2025-12398

The Product Table for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'searchkey' parameter in all versions up to, and including, 5.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...

EUVD-2025-204661

The Product Table for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'searchkey' parameter in all versions up to, and including, 5.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...

CVE-2025-12398

The Product Table for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'searchkey' parameter in all versions up to, and including, 5.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...

CVE-2025-12398 Product Table for WooCommerce <= 5.0.8 - Reflected Cross-Site Scripting

The Product Table for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'searchkey' parameter in all versions up to, and including, 5.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...

CVE-2024-48283

Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to SQL Injection in /admin//search-result.php via the searchkey parameter...

WordPress Plugin RSS Aggregator by Feedzy Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

PT-2024-17937 · WordPress · The Rss Aggregator By Feedzy – Feed To Post

Name of the Vulnerable Software and Affected Versions: The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress versions up to, and including, 4.4.2 Description: The issue is related to SQL Injection via the search key parameter due to...

CVE-2019-18205

Multiple Reflected Cross-site Scripting XSS vulnerabilities exist in Zucchetti InfoBusiness before and including 4.4.1. The browsing component did not properly sanitize user input encoded in base64. This also applies to the search functionality for the searchKey parameter...

CVE-2018-13818

Twig before 2.4.4 allows Server-Side Template Injection SSTI via the search searchkey parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it...

CVE-2018-13818

Twig before 2.4.4 allows Server-Side Template Injection SSTI via the search searchkey parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it...

PT-2018-12201 · Symfony · Twig

Name of the Vulnerable Software and Affected Versions: Twig versions prior to 2.4.4 Description: The issue allows Server-Side Template Injection SSTI via the search key parameter. It is noted that Twig itself is not a web application, and the responsibility of properly wrapping input to it lies...

Reflective Cross-Site Scripting Vulnerability in Knight Talent System 'key' Parameter

Knight Talent System is a professional talent system based on PHP + MYSQL as the core development, free + open source. A reflective cross-site scripting vulnerability exists in the search 'key' parameter of the Knight Talent System v4.0 job search function. The vulnerability allows attackers to...