
14 matches found

OSV
added 2026/06/16 11:50 a.m. · 3 views

BIT-MYSQL-CLIENT-2026-44172 MariaDB: mysql_real_escape_string() incorrectly handled big5

MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysql_real_escape_string() and sending it to the database using text protocol and big5 character set was vulnerable to SQL injections,...

CVSS 9.8 · AI score 5.5 · EPSS 0.00419
Exploits: 0 · References: 3
CVE
added 2026/06/13 2:29 a.m. · 25 views

CVE-2026-12089

The vulnerability CVE-2026-12089 affects the WordPress plugin “LWS Optimize – All-in-One Speed Booster & Cache Tools” up to version 3.3.19. The root cause is in the combine_current_css() function, which trusts href values harvested from page HTML and converts same-site URLs to absolute filesyste...

CVSS 4.9 · AI score 5.5 · EPSS 0.00336
Exploits: 0 · References: 3
Cvelist
added 2026/06/13 2:29 a.m. · 35 views

CVE-2026-12089 LWS Optimize – All-in-One Speed Booster & Cache Tools <= 3.3.19 - Authenticated (Editor+) Arbitrary File Read

The LWS Optimize – All-in-One Speed Booster & Cache Tools plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 3.3.19. This is due to the combine_current_css function trusting values harvested from page HTML and converting same-site URLs to absolute filesystem...

CVSS 4.9 · EPSS 0.00336
Exploits: 0 · References: 3
Positive Technologies
added 2026/06/13 12:0 a.m. · 18 views

PT-2026-49072

Name of the Vulnerable Software and Affected Versions: LWS Optimize – All-in-One Speed Booster & Cache Tools versions prior to 3.3.20. Description: The plugin is subject to an arbitrary file read issue. This occurs because the combine_current_css function trusts values harvested from page HTML and...

CVSS 4.9 · AI score 5.4 · EPSS 0.00336
Exploits: 0 · References: 6
EUVD
added 2026/06/12 5:34 p.m. · 7 views

EUVD-2026-36517

MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysql_real_escape_string() and sending it to the database using text protocol and big5 character set was vulnerable to SQL injections,...

CVSS 6.9 · AI score 5.5 · EPSS 0.00419
Exploits: 0 · References: 2
Positive Technologies
added 2024/12/18 12:0 a.m. · 7 views

PT-2024-36474 · Unknown · Getsimple Cms

Name of the Vulnerable Software and Affected Versions: GetSimple CMS CE version 3.3.19. Description: The issue allows for Server-Side Request Forgery (SSRF) in the plug-in download address on the management page of the backend management system. This can be achieved within the GetSimple CMS CE...

CVSS 7.2 · AI score 7 · EPSS 0.00396
Exploits: 0 · References: 7
CNNVD
added 2024/12/18 12:0 a.m. · 5 views

GetSimple CMS security vulnerability

GetSimple CMS is an open-source content management system. A security vulnerability exists in GetSimple CMS version 3.3.19; it originates from the plugin download address in the backend management system and can enable server-side request forgery attacks...

CVSS 7.2 · AI score 6.7 · EPSS 0.00396
Exploits: 0 · References: 2
CNNVD
added 2024/12/18 12:0 a.m. · 3 views

GetSimple CMS security vulnerability

GetSimple CMS is an open-source content management system. A security vulnerability exists in GetSimple CMS version 3.3.19, which stems from the back-end plugin module being vulnerable to server-side request forgery attacks...

CVSS 8.8 · AI score 6.6 · EPSS 0.00242
Exploits: 0 · References: 2
Positive Technologies
added 2024/12/18 12:0 a.m. · 9 views

PT-2024-36475 · Unknown · Getsimple Cms

Name of the Vulnerable Software and Affected Versions: GetSimple CMS CE version 3.3.19. Description: The issue is related to Server-Side Request Forgery (SSRF) in the backend plugin module. This allows an attacker to forge requests from the server, potentially leading to unauthorized access or...

CVSS 8.8 · AI score 7 · EPSS 0.00242
Exploits: 0 · References: 8
CNNVD
added 2024/12/16 12:0 a.m. · 4 views

GetSimple CMS security vulnerability

GetSimple CMS is an open-source content management system. A security vulnerability exists in GetSimple CMS version 3.3.19, which stems from an arbitrary code execution vulnerability that an attacker can exploit to implement code that can be executed...

CVSS 9.8 · AI score 7.6 · EPSS 0.00833
Exploits: 0 · References: 1
OSV
added 2023/05/24 12:15 a.m. · 7 views

CVE-2023-2496

The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability check on the 'validate_upload' function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a...

CVSS 7.5 · AI score 6.5 · EPSS 0.00794
Exploits: 0 · References: 2
CNNVD
added 2023/05/23 12:0 a.m. · 7 views

WordPress plugin Go Pricing - WordPress Responsive Pricing Tables security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Go Pricing - WordPres...

CVSS 7.5 · AI score 8.6 · EPSS 0.00794
Exploits: 0 · References: 4
CNNVD
added 2023/05/23 12:0 a.m. · 7 views

WordPress plugin Go Pricing - WordPress Responsive Pricing Tables security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Go Pricing - WordPres...

CVSS 8.8 · AI score 8.4 · EPSS 0.00369
Exploits: 0 · References: 4
Patchstack
added 2023/05/23 12:0 a.m. · 17 views

WordPress MPG Plugin <= 3.3.19 is vulnerable to SQL Injection

Software: MPG · Type: Plugin · Vulnerable versions: <= 3.3.19 · Fixed in: 3.3.20 · OWASP Top 10: A1: Injection · Classification: SQL Injection · CVE: CVE-2023-33927 · Patch priority: Low · CVSS severity: Low 7.6 · PSID: ad0baec3bee8 · Credits: LEE SE HYOUNG hackintoanetwork · Required privilege...

CVSS 9.8 · AI score 6.8 · EPSS 0.00675
Exploits: 0 · References: 2 · Affected Software: 1