CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

116 matches found

WordPress Plugin WP Statistics <= 13.1.5 - SQL Injection

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the currentpagetype parameter found in the /includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain...

9.8CVSS7.2AI score0.3298EPSS

Exploits1References5

Nuclei•added yesterday•85 views

WordPress Plugin WP Statistics <= 13.1.5 - SQL Injection

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the currentpageid parameter found in the /includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain...

9.8CVSS7.3AI score0.81363EPSS

Exploits4References5

Nuclei•added yesterday•119 views

WordPress Statistics <13.0.8 - Blind SQL Injection

WordPress Statistic plugin versions prior to version 13.0.8 are affected by an unauthenticated time-based blind SQL injection vulnerability. id: CVE-2021-24340 info: name: WordPress Statistics 13.0.8 - Blind SQL Injection author: lotusdll,j4vaovo severity: high description: WordPress Statistic...

7.5CVSS7.2AI score0.26931EPSS

Exploits3References5

Nuclei•added yesterday•38 views

WordPress Plugin WP Statistics <= 13.1.5 - SQL Injection

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the /includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive...

9.8CVSS7.3AI score0.77956EPSS

Exploits1References5

NVD•added 2026/06/17 2:17 p.m.•7 views

CVE-2026-54818

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VeronaLabs Slimstat Analytics allows Blind SQL Injection. This issue affects Slimstat Analytics: from n/a through 5.4.11...

8.5CVSS0.00211EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:13 p.m.•8 views

CVE-2026-48839

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VeronaLabs WP Statistics allows DOM-Based XSS. This issue affects WP Statistics: from n/a through 14.16.6...

7.1CVSS5.4AI score0.00212EPSS

Exploits0References1

NVD•added 2026/06/01 3:16 p.m.•14 views

CVE-2026-48839

7.1CVSS0.00212EPSS

Exploits0References1

EUVD•added 2026/06/01 2:43 p.m.•13 views

EUVD-2026-33652

7.1CVSS5.8AI score0.00212EPSS

Exploits0References1

Positive Technologies•added 2026/06/01 12:0 a.m.•15 views

PT-2026-45438

Name of the Vulnerable Software and Affected Versions VeronaLabs WP Statistics versions prior to 14.16.6 Description Improper neutralization of input during web page generation allows for DOM-Based Cross-Site Scripting XSS, a flaw where the application contains client-side JavaScript that process...

7.1CVSS5.8AI score0.00212EPSS

Exploits0References4

RedhatCVE•added 2026/02/27 10:14 a.m.•11 views

CVE-2026-28136

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VeronaLabs WP SMS wp-sms allows SQL Injection.This issue affects WP SMS: from n/a through = 6.9.12...

7.6CVSS6AI score0.00285EPSS

Exploits0References1

EUVD•added 2026/02/26 9:30 a.m.•7 views

EUVD-2026-8846

7.6CVSS5.6AI score0.00285EPSS

Exploits0References2

NVD•added 2026/02/26 9:16 a.m.•7 views

CVE-2026-28136

7.6CVSS0.00285EPSS

Exploits0References1

Vulnrichment•added 2026/02/26 8:33 a.m.•5 views

CVE-2026-28136 WordPress WP SMS plugin <= 6.9.12 - SQL Injection vulnerability

7.6CVSS5.7AI score0.00285EPSS

Exploits0References1

ATTACKERKB•added 2026/02/26 8:33 a.m.•7 views

CVE-2026-28136

5.6AI score0.00285EPSS

Exploits0References2

CVE•added 2026/02/26 8:33 a.m.•20 views

CVE-2026-28136

CVE-2026-28136 concerns the WordPress WP SMS plugin up to version 6.9.12, with an SQL Injection vulnerability caused by improper neutralization of special elements in SQL commands. The issue affects WP SMS versions through 6.9.12 and can enable manipulation of database queries due to the vulnerab...

7.6CVSS5.7AI score0.00285EPSS

Exploits0References1

Positive Technologies•added 2026/02/26 12:0 a.m.•8 views

PT-2026-22135

Name of the Vulnerable Software and Affected Versions WP SMS versions through 6.9.12 Description The software contains a flaw due to improper neutralization of special elements used in an SQL command, specifically a SQL Injection issue. This allows for potential manipulation of database queries...

7.6CVSS5.9AI score0.00285EPSS

Exploits0References5

RedhatCVE•added 2026/02/20 1:27 p.m.•4 views

CVE-2026-25343

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VeronaLabs WP SMS wp-sms allows DOM-Based XSS.This issue affects WP SMS: from n/a through = 7.1...

5.9CVSS5.5AI score0.00172EPSS

Exploits0References1

NVD•added 2026/02/19 9:16 a.m.•3 views

CVE-2026-25343

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VeronaLabs WP SMS wp-sms allows DOM-Based XSS.This issue affects WP SMS: from n/a through = 7.1...

5.9CVSS0.00172EPSS

Exploits0References1

ATTACKERKB•added 2026/02/19 8:26 a.m.•5 views

CVE-2026-25343

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VeronaLabs WP SMS wp-sms allows DOM-Based XSS.This issue affects WP SMS: from n/a through = 7.1...

5.5AI score0.00172EPSS

Exploits0References2

Positive Technologies•added 2026/02/19 12:0 a.m.•13 views

PT-2026-20706

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VeronaLabs WP SMS wp-sms allows DOM-Based XSS.This issue affects WP SMS: from n/a through = 7.1...

5.5AI score0.00172EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by