10 matches found
CVE-2026-57771 WordPress GD Rating System plugin <= 3.7 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Milan Petrovic GD Rating System gd-rating-system allows Blind SQL Injection.This issue affects GD Rating System: from n/a through = 3.7...
CVE-2025-69151 WordPress Grand Car Rental theme <= 3.7 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Grand Car Rental = 3.7 versions...
WordPress Car Zone theme <= 3.7 - Deserialization of untrusted data vulnerability
Deserialization of untrusted data vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Car Zone versions = 3.7...
WordPress WordPress Auction plugin <= 3.7 - Editor+ SQL Injection vulnerability
Editor+ SQL Injection vulnerability discovered by Thanh Kieu in WordPress Plugin WordPress Auction Plugin versions = 3.7...
CVE-2025-49911 WordPress WooCommerce Vehicle Parts Finder plugin <= 3.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpinstinct WooCommerce Vehicle Parts Finder woo-vehicle-parts-finder allows Reflected XSS.This issue affects WooCommerce Vehicle Parts Finder: from n/a through = 3.7...
CVE-2024-8855 WordPress Auction <= 3.7 - Editor+ SQL Injection
The WordPress Auction Plugin WordPress plugin through 3.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing editors and above to perform SQL injection attacks...
CVE-2024-51615 WordPress WordPress Auction Plugin plugin <= 3.7 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Marka WordPress Auction Plugin wp-auctions allows SQL Injection.This issue affects WordPress Auction Plugin: from n/a through = 3.7...
PT-2024-34758 · WordPress · Wordpress Auction Plugin
Name of the Vulnerable Software and Affected Versions: WordPress Auction Plugin versions n/a through 3.7 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...
WordPress Easy SVG Support plugin <= 3.7 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Francesco Carlucci in WordPress Plugin Easy SVG Support versions = 3.7...
CVE-2023-25030
Missing Authorization vulnerability in Buy Me a Coffee.This issue affects Buy Me a Coffee: from n/a through 3.7...