Lucene search
K

125 matches found

Nuclei
Nuclei
added 4 hours ago80 views

LearnPress Plugin < 4.2.0 - Unauthenticated Time-Based Blind SQLi

SQL Injection vulnerability in LearnPress – WordPress LMS Plugin = 4.1.7.3.2 versions. id: CVE-2022-45808 info: name: LearnPress Plugin 4.2.0 - Unauthenticated Time-Based Blind SQLi author: DhiyaneshDK severity: critical description: | SQL Injection vulnerability in LearnPress – WordPress LMS...

9.9CVSS7AI score0.04269EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday12 views

WordPress Newsletters <= 4.13 - Unauthenticated SQL Injection

Newsletters WordPress plugin = 4.13 contains a time-based SQL injection caused by insufficient escaping of the 'wpmlsubscriberid' parameter, letting unauthenticated attackers extract sensitive database information. id: CVE-2026-3018 info: name: WordPress Newsletters = 4.13 - Unauthenticated SQL...

7.5CVSS6.1AI score0.01382EPSS
Exploits0References2
CVE
CVE
added 3 days ago12 views

CVE-2026-4661

The CVE-2026-4661 entry concerns the WordPress plugin WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales (versions up to 2.2.2). The flaw is a time-based blind SQL injection in the fildname parameter, caused by insufficient escaping of user-supplied column names in ajaxCheck() and an inco...

7.5CVSS6.1AI score0.00326EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42860

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to time-based SQL Injection via 'event' Shortcode Attribute in all versions up to, and including, 5.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS6.1AI score0.00254EPSS
Exploits0References4
CVE
CVE
added 6 days ago13 views

CVE-2026-9700

The CVE covers the WordPress Eventer plugin vulnerability up to version 4.4.2, caused by insufficient escaping of the user-supplied code parameter and inadequate SQL query preparation. This enables time-based SQL injection by unauthenticated attackers to append additional SQL to existing queries ...

7.5CVSS6AI score0.00273EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.31 views

CVE-2026-36670

A Time-Based Blind SQL Injection vulnerability in the aliasmanagement module of OpenSIPS Control Panel opensips-cp prior to version 9.3.3 allows authenticated attackers to execute arbitrary SQL commands via the 'table' GET parameter in aliasmanagement.php...

0.00361EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.21 views

PT-2026-48398

Name of the Vulnerable Software and Affected Versions Newsletters plugin for WordPress versions prior to 4.14 Description The plugin is susceptible to time-based SQL Injection, a technique where an attacker sends queries that force the database to wait a specific amount of time before responding,...

7.5CVSS5.6AI score0.01382EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/09 11:48 a.m.11 views

EUVD-2017-18969

WordPress Car Park Booking Plugin version 13 October 17 contains a time-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the spaceid parameter. Attackers can send GET requests to the booking-page endpoint with...

8.8CVSS5.7AI score0.00262EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.13 views

CVE-2026-6929

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'sortf' parameter in all versions up to, and including, 5.7.7 due to insufficient escaping on the user supplied parameter and lack of sufficient...

7.5CVSS5.7AI score0.00322EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.14 views

PT-2026-44217

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order by' parameter in all versions up to, and including, 1.8.40 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation ...

6.5CVSS5.9AI score0.00504EPSS
Exploits0References11
NVD
NVD
added 2026/05/20 4:16 a.m.14 views

CVE-2026-9010

The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'currenturl' and 'username' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes i...

7.5CVSS0.00366EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/13 9:26 a.m.8 views

CVE-2026-4798

The Avada Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘productorder’ parameter in all versions up to, and including, 3.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

7.5CVSS5.9AI score0.00511EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2026/05/04 12:0 a.m.8 views

VulnCheck KEV: CVE-2025-9807

The The Events Calendar plugin for WordPress is vulnerable to time-based SQL Injection via the ‘s’ parameter in all versions up to, and including, 6.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...

7.5CVSS5.9AI score0.00324EPSS
In wildExploits0References2
NVD
NVD
added 2026/05/02 12:16 p.m.29 views

CVE-2026-4060

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'sort' parameter in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. The escsql functi...

7.5CVSS0.00304EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/05/02 11:16 a.m.76 views

CVE-2026-4062 Geo Mashup <= 1.13.18 - Unauthenticated Time-Based SQL Injection via 'object_ids' Parameter

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'objectids' and 'excludeobjectids' parameters in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existin...

7.5CVSS0.00328EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/02 11:16 a.m.27 views

EUVD-2026-26778

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'sort' parameter in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. The escsql functi...

7.5CVSS6AI score0.00304EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/04/12 12:28 p.m.4 views

CVE-2019-25703

ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter. Attackers can send POST requests to the admin.php endpoint with malicious 'bid' values containing SQL...

7.1CVSS6AI score0.00342EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/04/08 12:31 p.m.8 views

EUVD-2026-20453

WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the 'post-author' parameter in all versions up to, and including, 4.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

7.5CVSS5.9AI score0.01473EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2026/04/06 3:17 p.m.5 views

CVE-2026-26263

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated time-based blind SQL injection exists in GLPI's Search engine. This vulnerability is fixed in 11.0.6...

9.8CVSS5.9AI score0.08741EPSS
Exploits0References2
NVD
NVD
added 2026/04/05 9:16 p.m.7 views

CVE-2019-25664

SuiteCRM 7.10.7 contains a time-based SQL injection vulnerability in the record parameter of the Users module DetailView action that allows authenticated attackers to manipulate database queries. Attackers can append SQL code to the record parameter in GET requests to the index.php endpoint to...

7.1CVSS0.00342EPSS
Exploits1References4
Rows per page
Query Builder