Lucene search
K

155 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 10:42 a.m.17 views

CVE-2024-9156

The TI WooCommerce Wishlist WordPress plugin through 2.8.2 is vulnerable to SQL Injection due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries...

7.5CVSS7.5AI score0.00391EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:59 a.m.6 views

CVE-2024-12159

The Optimize Your Campaigns – Google Shopping – Google Ads – Google Adwords plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.1 due to the printphpinformation.php being publicly accessible. This makes it possible for unauthenticated attackers to...

5.3CVSS6.7AI score0.00359EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:48 a.m.6 views

CVE-2024-11292

The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.1 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted t...

5.3CVSS6.8AI score0.0044EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:47 a.m.11 views

CVE-2023-4723

The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.12.7 via the ajaxeaepostdata function. This can allow unauthenticated attackers to extract sensitive data including post/page ids and titles including those of wit...

5.3CVSS6.8AI score0.00927EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:31 a.m.10 views

CVE-2023-5434

The Superb slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

8.8CVSS7.2AI score0.00797EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:50 a.m.8 views

CVE-2023-2607

The Multiple Page Generator Plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

7.2CVSS7.2AI score0.00841EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:16 a.m.5 views

CVE-2022-29597

Solutions Atlantic Regulatory Reporting System RRS v500 is vulnerable to Local File Inclusion LFI. Any authenticated user has the ability to reference internal system files within requests made to the RRSWeb/maint/ShowDocument/ShowDocument.aspx page. The server will successfully respond with the...

6.5CVSS6.9AI score0.01852EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:53 p.m.11 views

CVE-2021-45821

A blind SQL injection vulnerability exists in Xbtit 3.1 via the sid parameter in ajaxchat/getHistoryChatData.php file that is accessible by a registered user. As a result, a malicious user can extract sensitive data such as usernames and passwords and in some cases use this vulnerability in order...

8.8CVSS8.5AI score0.02505EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 4:22 p.m.8 views

CVE-2020-29324

The DLink Router DIR-895L MFC v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data...

7.5CVSS7.1AI score0.01073EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 7:50 a.m.9 views

CVE-2019-10673

A CSRF vulnerability in a logged-in user's profile edit form in the Ultimate Member plugin before 2.0.40 for WordPress allows attackers to become admin and subsequently extract sensitive information and execute arbitrary code. This occurs because the attacker can change the e-mail address in the...

9.3CVSS7.3AI score0.01816EPSS
Exploits3References1
NVD
NVD
added 2025/05/20 3:16 p.m.10 views

CVE-2025-26086

An unauthenticated blind SQL injection vulnerability exists in RSI Queue Management System v3.0 within the TaskID parameter of the get request handler. Attackers can remotely inject time-delayed SQL payloads to induce server response delays, enabling time-based inference and iterative extraction ...

7.5CVSS0.11668EPSS
Exploits1References2
CVE
CVE
added 2025/05/20 12:0 a.m.44 views

CVE-2025-26086

RSI Queue Management System v3.0 has an unauthenticated blind SQL injection in the TaskID parameter of the GET request handler. The vulnerability enables time-delayed SQL payloads to be remotely injected, causing measurable response delays that allow time-based inference and iterative extraction ...

7.5CVSS7.8AI score0.11668EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/05/20 12:0 a.m.13 views

CVE-2025-26086

An unauthenticated blind SQL injection vulnerability exists in RSI Queue Management System v3.0 within the TaskID parameter of the get request handler. Attackers can remotely inject time-delayed SQL payloads to induce server response delays, enabling time-based inference and iterative extraction ...

0.11668EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/17 12:19 a.m.27 views

CVE-2025-46052

An error-based SQL Injection SQLi vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL command and extract sensitive data by injecting a crafted payload into the DEL form field in a POST request to /StockCounts.php...

9.8CVSS8.5AI score0.00438EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/17 12:19 a.m.20 views

CVE-2025-46053

A SQL Injection vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the ReportID and ReplaceReportID parameters within a POST request to /reportwriter/admin/ReportCreator.php...

5.1CVSS8.6AI score0.00214EPSS
Exploits1References1
NVD
NVD
added 2025/05/15 2:15 p.m.19 views

CVE-2025-46052

An error-based SQL Injection SQLi vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL command and extract sensitive data by injecting a crafted payload into the DEL form field in a POST request to /StockCounts.php...

9.8CVSS0.00438EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/05/15 12:0 a.m.15 views

CVE-2025-46052

An error-based SQL Injection SQLi vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL command and extract sensitive data by injecting a crafted payload into the DEL form field in a POST request to /StockCounts.php...

0.00438EPSS
Exploits1References2
CVE
CVE
added 2025/05/15 12:0 a.m.34 views

CVE-2025-46052

CVE-2025-46052 involves WebERP v4.15.2 with an error-based SQL Injection affecting the DEL form field in a POST request to /StockCounts.php. The underlying issue allows an attacker to execute arbitrary SQL and extract sensitive data. Multiple connected sources confirm the vulnerable endpoint and ...

9.8CVSS8.1AI score0.00438EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/15 12:0 a.m.9 views

CVE-2025-46053

A SQL Injection vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the ReportID and ReplaceReportID parameters within a POST request to /reportwriter/admin/ReportCreator.php...

6.2AI score0.00214EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/05/15 12:0 a.m.8 views

CVE-2025-46052

An error-based SQL Injection SQLi vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL command and extract sensitive data by injecting a crafted payload into the DEL form field in a POST request to /StockCounts.php...

9.9AI score0.00438EPSS
Exploits1References2
Rows per page
Query Builder