Lucene search
K

2762 matches found

CVE
CVE
added 2026/05/02 11:16 a.m.14 views

CVE-2026-4060

The Geo Mashup plugin for WordPress (WordPress) is affected by CVE-2026-4060: Time-Based SQL Injection via the sort parameter in all versions up to and including 1.13.18. The root cause is insufficient escaping for user-supplied input and insufficient preparation of the existing SQL query. The es...

7.5CVSS6AI score0.00304EPSS
Exploits1References5
EUVD
EUVD
added 2026/05/02 11:16 a.m.25 views

EUVD-2026-26778

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'sort' parameter in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. The escsql functi...

7.5CVSS6AI score0.00304EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/05/02 11:16 a.m.5 views

CVE-2026-4060

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'sort' parameter in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. The escsql functi...

7.5CVSS6AI score0.00304EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/05/02 11:16 a.m.48 views

CVE-2026-4060 Geo Mashup <= 1.13.18 - Unauthenticated Time-Based SQL Injection via 'sort' Parameter

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'sort' parameter in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. The escsql functi...

7.5CVSS0.00304EPSS
Exploits1References5
NVD
NVD
added 2026/05/02 8:16 a.m.6 views

CVE-2026-7649

The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.0.60 due to insufficient escaping on the user supplied paramete...

7.5CVSS0.00335EPSS
Exploits0References7
CVE
CVE
added 2026/05/02 7:46 a.m.14 views

CVE-2026-6457

The Geo Mashup plugin for WordPress is vulnerable to time-based blind SQL Injection through the geo_mashup_null_fields parameter in all versions up to 1.13.19. The root cause is insufficient escaping of user-supplied input and insufficient preparation of the underlying SQL query. Exploitation req...

6.5CVSS5.9AI score0.00367EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/02 7:46 a.m.6 views

EUVD-2026-26759

The Geo Mashup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geomashupnullfields' parameter in all versions up to, and including, 1.13.19 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

6.5CVSS5.9AI score0.00367EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/05/02 7:46 a.m.4 views

CVE-2026-6457 Geo Mashup <= 1.13.19 - Authenticated (Subscriber+) SQL Injection via 'geo_mashup_null_fields' Parameter

The Geo Mashup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geomashupnullfields' parameter in all versions up to, and including, 1.13.19 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

6.5CVSS5.9AI score0.00367EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/02 7:46 a.m.5 views

CVE-2026-6457

The Geo Mashup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geomashupnullfields' parameter in all versions up to, and including, 1.13.19 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

6.5CVSS5.9AI score0.00367EPSS
Exploits0References9
CVE
CVE
added 2026/05/02 6:44 a.m.12 views

CVE-2026-7649

ARMember for WordPress (vendor: ARMember plugin) is affected up to version 4.0.60 by a time-based blind SQL injection in the orderby parameter. Root cause: insufficient escaping of the user-supplied orderby value and lack of proper SQL query preparation, enabling unauthenticated attackers to appe...

7.5CVSS5.9AI score0.00335EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/02 6:44 a.m.8 views

CVE-2026-7649

The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.0.60 due to insufficient escaping on the user supplied paramete...

7.5CVSS5.9AI score0.00335EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/02 6:44 a.m.35 views

CVE-2026-7649 ARMember <= 4.0.60 - Unauthenticated SQL Injection via 'orderby' Parameter

The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.0.60 due to insufficient escaping on the user supplied paramete...

7.5CVSS0.00335EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/02 6:44 a.m.5 views

CVE-2026-7649 ARMember <= 4.0.60 - Unauthenticated SQL Injection via 'orderby' Parameter

The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.0.60 due to insufficient escaping on the user supplied paramete...

7.5CVSS5.9AI score0.00335EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.7 views

PT-2026-36592

The Geo Mashup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geo mashup null fields' parameter in all versions up to, and including, 1.13.19 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Th...

6.5CVSS5.9AI score0.00367EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.9 views

WordPress plugin ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.5CVSS5.9AI score0.00335EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.10 views

WordPress plugin Geo Mashup SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.5CVSS5.9AI score0.00328EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.7 views

PT-2026-36587

Name of the Vulnerable Software and Affected Versions ARMember – Membership Plugin versions prior to 4.0.61 Description The ARMember – Membership Plugin for WordPress is susceptible to time-based blind SQL Injection, a technique where an attacker asks the database true/false questions and...

7.5CVSS5.9AI score0.00335EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.11 views

PT-2026-36607

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'map post type' parameter in all versions up to, and including, 1.13.18. This is due to the SearchResults hook explicitly calling stripslashes deep$ POST which removes WordPress magic quotes protection, followed...

7.5CVSS5.9AI score0.00311EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.12 views

PT-2026-36608

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'object ids' and 'exclude object ids' parameters in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the...

7.5CVSS6AI score0.00328EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.10 views

WordPress plugin Geo Mashup SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.5CVSS6AI score0.00311EPSS
Exploits0References1
Rows per page
Query Builder