Lucene search
K

2763 matches found

NVD
NVD
added 2026/05/20 4:16 a.m.13 views

CVE-2026-9010

The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'currenturl' and 'username' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes i...

7.5CVSS0.00366EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/20 3:2 a.m.9 views

SUSE CVE-2025-6014

Vault and Vault Enterprise's “Vault” TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

6.5CVSS5.9AI score0.00341EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/20 2:27 a.m.6 views

CVE-2026-9010

The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'currenturl' and 'username' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes i...

7.5CVSS5.9AI score0.00366EPSS
Exploits0References3
CVE
CVE
added 2026/05/20 2:27 a.m.17 views

CVE-2026-9010

The CVE concerns the Boost plugin for WordPress, affected through time-based SQL Injection in the plugin’s handling of the current_url and user_name parameters. Vulnerable in versions up to and including 2.0.3 due to insufficient escaping of user-supplied inputs and inadequate preparation of exis...

7.5CVSS5.9AI score0.00366EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/20 2:27 a.m.42 views

CVE-2026-9010 Boost <= 2.0.3 - Unauthenticated Blind SQL Injection via Multiple Parameters

The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'currenturl' and 'username' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes i...

7.5CVSS0.00366EPSS
Exploits0References2
NVD
NVD
added 2026/05/20 2:16 a.m.18 views

CVE-2026-7472

The Read More & Accordion plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.5.7. This is due to the use of escsql without surrounding the value in quotes in an ORDER BY clause inside the getAllDataByLimit and...

4.9CVSS0.00448EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/05/20 1:25 a.m.12 views

CVE-2026-7472

The Read More & Accordion plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.5.7. This is due to the use of escsql without surrounding the value in quotes in an ORDER BY clause inside the getAllDataByLimit and...

4.9CVSS6AI score0.00448EPSS
Exploits0References10
CVE
CVE
added 2026/05/20 1:25 a.m.14 views

CVE-2026-7472

The Read More & Accordion WordPress plugin (up to version 3.5.7) is vulnerable to time-based blind SQL injection via the 'orderby' parameter. The root cause is that the value from $_GET['orderby'] is passed through esc_attr() and then concatenated unquoted into an ORDER BY clause, where esc_sql()...

4.9CVSS6AI score0.00448EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/05/20 1:25 a.m.7 views

CVE-2026-7472 Read More & Accordion <= 3.5.7 - Authenticated (Administrator+) SQL Injection via 'orderby' Parameter

The Read More & Accordion plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.5.7. This is due to the use of escsql without surrounding the value in quotes in an ORDER BY clause inside the getAllDataByLimit and...

4.9CVSS6AI score0.00448EPSS
Exploits0References9
EUVD
EUVD
added 2026/05/20 1:25 a.m.12 views

EUVD-2026-31035

The Read More & Accordion plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.5.7. This is due to the use of escsql without surrounding the value in quotes in an ORDER BY clause inside the getAllDataByLimit and...

4.9CVSS6AI score0.00448EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/05/20 1:25 a.m.39 views

CVE-2026-7472 Read More & Accordion <= 3.5.7 - Authenticated (Administrator+) SQL Injection via 'orderby' Parameter

The Read More & Accordion plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.5.7. This is due to the use of escsql without surrounding the value in quotes in an ORDER BY clause inside the getAllDataByLimit and...

4.9CVSS0.00448EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.9 views

PT-2026-42102

The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'current url' and 'user name' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes...

7.5CVSS5.9AI score0.00366EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.7 views

WordPress plugin Boost SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.5CVSS5.9AI score0.00366EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/19 3:21 a.m.102 views

Exploit for SQL Injection in Litellm

CVE-2025-45809 – LiteLLM SQL Injection via /key/block Time-...

5.4CVSS5.9AI score0.00251EPSS
Exploits2
Github Security Blog
Github Security Blog
added 2026/05/18 3:36 p.m.23 views

eduMFA: Incorrect InnoDB snapshot isolation possibly allows token reusage

Impact For deployments using MySQL or MariaDB = 11.6.2 the default is ON, which is not affected - Same rules applies for Galera with underlying MariaDB Patches Fixed in version 2.9.1 by locking rows prior to write with SELECT FOR UPDATE. Workarounds Set innodbsnapshotisolation to ON default in...

5.8AI score
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/17 12:11 p.m.47 views

CVE-2018-25339 Zechat 1.5 SQL Injection via v parameter (time-based blind)

Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Attackers can exploit the v parameter with sleep-based blind injection to confirm vulnerability and extract data...

8.8CVSS0.00267EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/17 12:11 p.m.6 views

CVE-2018-25339 Zechat 1.5 SQL Injection via v parameter (time-based blind)

Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Attackers can exploit the v parameter with sleep-based blind injection to confirm vulnerability and extract data...

8.8CVSS5.9AI score0.00267EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/17 12:11 p.m.13 views

EUVD-2018-21858

Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Attackers can exploit the v parameter with sleep-based blind injection to confirm vulnerability and extract data...

8.8CVSS5.9AI score0.00267EPSS
Exploits0References3
CVE
CVE
added 2026/05/17 12:11 p.m.15 views

CVE-2018-25339

Zechat 1.5 contains a SQL injection vulnerability in the v parameter that enables unauthenticated attackers to extract database information via time-based blind techniques. Exploitation can be performed to confirm vulnerability and retrieve data, indicating potential impact to confidentiality. Th...

8.8CVSS5.9AI score0.00267EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/17 12:11 p.m.18 views

CVE-2018-25339

Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Attackers can exploit the v parameter with sleep-based blind injection to confirm vulnerability and extract data...

8.8CVSS5.9AI score0.00267EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder