CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

535 matches found

CVE-2026-9829

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based SQL Injection via 'compactalbumorderby' Shortcode Parameter in all versions up to, and including, 1.8.41 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS5.8AI score0.00051EPSS

Exploits0References1

RedhatCVE•added 14 hours ago•7 views

CVE-2026-6448

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' parameter in all versions up to, and including, 11.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...

4.9CVSS5.7AI score0.00039EPSS

Exploits0References1

NVD•added yesterday•8 views

CVE-2026-9829

6.5CVSS0.00051EPSS

Exploits0References12

CVE•added yesterday•14 views

CVE-2026-9829

CVE-2026-9829 affects the WordPress plugin Photo Gallery by 10Web – Mobile-Friendly Image Gallery up to version 1.8.41. The flaw is a time-based SQL Injection in the compact_album_order_by shortcode parameter caused by insufficient escaping and lack of parameterized queries. Exploitation requires...

6.5CVSS5.8AI score0.00051EPSS

Exploits0References12

Positive Technologies•added yesterday•10 views

PT-2026-47144

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based SQL Injection via 'compact album order by' Shortcode Parameter in all versions up to, and including, 1.8.41 due to insufficient escaping on the user supplied parameter and lack of sufficien...

6.5CVSS5.8AI score0.00051EPSS

Exploits0References13

RedhatCVE•added 2 days ago•4 views

CVE-2025-65135

In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin/between-date-reprtsdetails.php through the fromdate POST parameter...

9.8CVSS5.6AI score0.00044EPSS

Exploits1References1

RedhatCVE•added 2 days ago•4 views

CVE-2026-7046

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'table' parameter in all versions up to, and including, 9.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

4.9CVSS5.7AI score0.00053EPSS

Exploits0References1

NVD•added 3 days ago•7 views

CVE-2019-25745

WordPress Plugin Google Review Slider 6.1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'tid' parameter. Attackers can send GET requests to the admin interface with malicious 'tid'...

8.8CVSS0.00065EPSS

Exploits0References3

CVE•added 3 days ago•10 views

CVE-2019-25745

CVE-2019-25745 affects WordPress Plugin Google Review Slider 6.1. The vulnerability is a time-based blind SQL injection in the tid parameter, exploitable via GET requests to the plugin’s admin interface by unauthenticated attackers to manipulate queries and potentially extract data. According to ...

8.8CVSS5.9AI score0.00065EPSS

Exploits0References3

Cvelist•added 3 days ago•30 views

CVE-2019-25745 WordPress Plugin Google Review Slider 6.1 SQL Injection via tid

8.8CVSS0.00065EPSS

Exploits0References3

ATTACKERKB•added 3 days ago•5 views

CVE-2019-25745

8.8CVSS5.9AI score0.00065EPSS

Exploits0References3Affected Software1

Vulnrichment•added 3 days ago•7 views

CVE-2019-25745 WordPress Plugin Google Review Slider 6.1 SQL Injection via tid

8.8CVSS5.9AI score0.00065EPSS

Exploits0References3

EUVD•added 3 days ago•5 views

EUVD-2019-20181

8.8CVSS5.9AI score0.00065EPSS

Exploits0References3

NVD•added 2026/05/28 9:16 a.m.•14 views

CVE-2026-7048

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.8.40 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation o...

6.5CVSS0.00058EPSS

Exploits0References10

CVE•added 2026/05/28 7:43 a.m.•14 views

CVE-2026-7048

The CVE-2026-7048 entry concerns the WordPress plugin Photo Gallery by 10Web – Mobile-Friendly Image Gallery. A time-based blind SQL Injection exists via the order_by parameter in all versions up to and including 1.8.40, caused by insufficient escaping and incomplete SQL query preparation. Authen...

6.5CVSS5.9AI score0.00058EPSS

Exploits0References10

ATTACKERKB•added 2026/05/28 7:43 a.m.•8 views

CVE-2026-7048

6.5CVSS5.9AI score0.00058EPSS

Exploits0References11

Vulnrichment•added 2026/05/28 7:43 a.m.•9 views

CVE-2026-7048 Photo Gallery by 10Web <= 1.8.40 - Authenticated (Contributor+) SQL Injection via 'order_by' Shortcode Attribute

6.5CVSS5.9AI score0.00058EPSS

Exploits0References10

EUVD•added 2026/05/28 6:45 a.m.•7 views

EUVD-2026-32739

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'appendwheresql' parameter in all versions up to, and including, 1.6.11.8 due to insufficient escaping on the user supplied parameter and lac...

7.5CVSS5.8AI score0.00159EPSS

Exploits0References11

ATTACKERKB•added 2026/05/27 6:46 a.m.•6 views

CVE-2026-7618

The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

4.9CVSS5.9AI score0.00036EPSS

Exploits0References8

EUVD•added 2026/05/27 6:46 a.m.•9 views

EUVD-2026-32103

4.9CVSS5.9AI score0.00036EPSS

Exploits0References7

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by