2 matches found
CVE-2026-31896
WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, a critical SQL injection vulnerability exists in the WeGIA application. The removerprodutoocultar.php script uses extract$REQUEST to populate local variables and then directly concatenates these variables into a SQL query...
PT-2023-30043 · WordPress · Wp Customer Reviews
Name of the Vulnerable Software and Affected Versions: WP Customer Reviews plugin for WordPress versions up to, and including, 3.6.6 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows...