24 matches found
CVE-2026-54838
Subscriber SQL Injection in WC Vendors Marketplace = 2.6.8 versions...
CVE-2026-54838
CVE-2026-54838 affects WordPress WC Vendors Marketplace plugin up to version 2.6.8. The description documents a subscriber SQL injection vulnerability (no explicit root cause details provided). CVSS 3.1 base score 8.5 (HIGH) with network attack vector, low attack complexity, privileges required: ...
CVE-2026-54838 WordPress WC Vendors Marketplace plugin <= 2.6.8 - SQL Injection vulnerability
Subscriber SQL Injection in WC Vendors Marketplace = 2.6.8 versions...
EUVD-2026-39368
Subscriber SQL Injection in WC Vendors Marketplace = 2.6.8 versions...
WordPress WC Vendors Marketplace plugin <= 2.6.8 - SQL Injection vulnerability
SQL Injection vulnerability discovered by hhhai in WordPress Plugin WC Vendors Marketplace versions = 2.6.8...
EUVD-2025-17284
Malicious code in bioql PyPI...
EUVD-2023-12173
Malicious code in bioql PyPI...
CVE-2025-49263
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WCVendors WC Vendors Marketplace wc-vendors allows Blind SQL Injection.This issue affects WC Vendors Marketplace: from n/a through = 2.5.6...
CVE-2025-49263 WordPress WC Vendors Marketplace <= 2.5.6 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WCVendors WC Vendors Marketplace allows Blind SQL Injection. This issue affects WC Vendors Marketplace: from n/a through 2.5.6...
CVE-2025-49263
The CVE-2025-49263 entry concerns WC Vendors Marketplace (WC Vendors) for WordPress, with an SQL Injection vulnerability in WC Vendors Marketplace that affects versions up to 2.5.6. The vulnerability stems from improper neutralization of special elements in SQL commands, enabling Blind SQL Inject...
CVE-2025-49263 WordPress WC Vendors Marketplace plugin <= 2.5.6 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WCVendors WC Vendors Marketplace wc-vendors allows Blind SQL Injection.This issue affects WC Vendors Marketplace: from n/a through = 2.5.6...
PT-2025-24212 · Unknown · Wc Vendors Marketplace
Name of the Vulnerable Software and Affected Versions: WC Vendors Marketplace versions 2.5.6 and earlier Description: The issue is related to an SQL Injection vulnerability, specifically an Improper Neutralization of Special Elements used in an SQL Command. This allows for Blind SQL Injection,...
WordPress plugin WC Vendors Marketplace SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...
CVE-2023-48327 WordPress WC Vendors Marketplace Plugin <= 2.4.7 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WC Vendors WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors.This issue affects WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors: from n...
WordPress plugin WC Vendors Marketplace SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...
WordPress WC Vendors Marketplace Plugin <= 2.4.7 is vulnerable to SQL Injection
Software WC Vendors Marketplace Type Plugin Vulnerable versions = 2.4.7 Fixed in 2.4.7.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-48327 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 9914d19a70b0 Credits LEE SE HYOUNG hackintoanetwork Required...
CVE-2023-0072
The WC Vendors Marketplace WordPress plugin before 2.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attack...
CVE-2023-0072
The WC Vendors Marketplace WordPress plugin before 2.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attack...
CVE-2023-0072 WC Vendors Marketplace < 2.4.5 - Contributor+ Stored XSS
The WC Vendors Marketplace WordPress plugin before 2.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attack...
CVE-2023-0072 WC Vendors Marketplace < 2.4.5 - Contributor+ Stored XSS
The WC Vendors Marketplace WordPress plugin before 2.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attack...