WordPress ARMember Premium – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin <= 7.3.1 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by h0xilo in WordPress Plugin ARMember Premium versions = 7.3.1...

JS Help Desk <= 2.8.2 - SQL Injection

JS Help Desk WordPress plugin 2.8.2 contains a SQL injection caused by insufficient escaping and preparation of user-supplied values in 'js-support-ticket-token-tkstatus' cookie, letting unauthenticated attackers extract sensitive database information, exploit requires no authentication. id:...

PT-2026-46129

The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to generic SQL Injection via the 'columns' parameter in all versions up to, and including, 4.8.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVE-2026-10704 SourceCodester Pizzafy E-Commerce System Administrative Control Panel admin_class_novo.php login sql injection

A vulnerability was detected in SourceCodester Pizzafy E-Commerce System 1.0. Affected by this vulnerability is the function Login of the file /admin/adminclassnovo.php of the component Administrative Control Panel. The manipulation of the argument Username results in sql injection. The attack ca...

CVE-2018-25430

Paroiciel 11.20 contains an SQL injection vulnerability in the egeq.php endpoint, exploitable by an authenticated user via the egeqIdEquipe parameter in GET requests to execute arbitrary SQL and extract sensitive database information (including version details). This aligns with the CVSS metrics ...

CVE-2018-25430 Paroiciel 11.20 SQL Injection via eGeqIdEquipe Parameter

Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the eGeqIdEquipe parameter. Attackers can send GET requests to the egeq.php endpoint with crafted SQL payloads to extract sensitive...

CVE-2026-10286

A vulnerability was found in CodeAstro Payroll System 1.0. This affects an unknown part of the file /homeemployee.php. The manipulation of the argument empid results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used...

EUVD-2026-33643

A flaw has been found in CodeAstro Online Job Portal 1.0. This affects an unknown function of the file /users/applicationstatus.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used...

CVE-2026-10260 CodeAstro Online Job Portal delete-jobs.php sql injection

A vulnerability was detected in CodeAstro Online Job Portal 1.0. The impacted element is an unknown function of the file /admin/jobs-admins/delete-jobs.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit is now...

CVE-2026-10176

Technical details about CVE-2026-10176 are not publicly available in the provided documents; affected component and root cause are not specified beyond a generic description. Monitor for updates.

EUVD-2018-21933

MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to email.php with crafted SQL payloads in the 'id' parameter to...

PT-2026-45120

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to watch.php with crafted SQL payloads to extract sensitive database informati...

PT-2026-45141

A vulnerability was found in Bdtask Multi-Store Inventory Management System 1.0. The impacted element is the function accounts report search of the file application/modules/accounts/controllers/Accounts.php of the component Accounts Report Handler. Performing a manipulation of the argument...

CVE-2018-25402 The Open ISES Project 3.30A SQL Injection via inc_types_graph.php

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to inctypesgraph.php with crafted SQL payloads to extract sensitive...

CVE-2026-10039

The CVE-2026-10039 entry concerns the WordPress plugin Frontend Admin by DynamiApps. Affected versions up to and including 3.28.28 are vulnerable to a generic SQL Injection via the 'order' parameter due to insufficient escaping of user input and inadequate preparation of the existing SQL query. A...

📄 MikroORM 7.0.13 SQL Injection

MikroORM version 7.0.13 suffers from a remote SQL injection vulnerability. Exploit Title: MikroORM 7.0.13 - SQL Injection Google Dork: N/A Date: 2026-05-27 Exploit Author: cardosource Vendor Homepage: https://mikro-orm.io/ Software Link: https://github.com/mikro-orm/mikro-orm Version:...

CVE-2026-49046

The CVE-2026-49046 entry concerns the WordPress plugin Duplicate Page and Post by Arjun Thakur, with an SQL Injection vulnerability caused by improper neutralization of special elements in SQL commands . Affected are plugin versions from unspecified earliest up to 2.9.5 . The CVSS 3.1 baseline sc...

CVE-2026-40819

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the syncdata24 task due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40815 Unauthenticated SQLi in _mb24api_getUserAccount function

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24apigetUserAccount function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40812

CVE-2026-40812 describes an unauthenticated SQL injection in the getLiveValues function’s sn parameter due to improper neutralization of special elements in a SQL SELECT command. The vulnerability is exploitable remotely by an unauthenticated attacker and can result in total loss of confidentiali...