Lucene search
K

20 matches found

Nuclei
Nuclei
added yesterday26 views

Viral Signup <= 2.1 - SQL Injection

The Viral Signup limited opt-in with viral referral sharing plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...

9.8CVSS6.1AI score0.03292EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/23 10:30 a.m.9 views

CVE-2024-6926

The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

9.8CVSS7.2AI score0.03292EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:28 a.m.10 views

CVE-2024-6927

The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.7AI score0.00351EPSS
Exploits1References1
Patchstack
Patchstack
added 2024/09/04 9:34 a.m.4 views

WordPress Viral Signup plugin <= 2.1 - Unauthenticated SQLi vulnerability

Unauthenticated SQLi vulnerability discovered by Project Black in WordPress Plugin Viral Signup versions = 2.1...

9.8CVSS7AI score0.03292EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/09/04 6:15 a.m.5 views

CVE-2024-6926

The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

9.8CVSS5.8AI score0.03292EPSS
Exploits1References1
NVD
NVD
added 2024/09/04 6:15 a.m.22 views

CVE-2024-6926

The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

9.8CVSS0.03292EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/09/04 6:0 a.m.16 views

CVE-2024-6926 Viral Signup <= 2.1 - Unauthenticated SQLi

The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

7.9AI score0.03292EPSS
Exploits1References1
CVE
CVE
added 2024/09/04 6:0 a.m.77 views

CVE-2024-6926

CVE-2024-6926 affects the Viral Signup WordPress plugin (versions up to and including 2.1). The issue is an SQL injection caused by insufficient escaping/sanitisation of a user-supplied parameter used in a SQL query via an unauthenticated AJAX action. The vulnerability is documented as affecting ...

9.8CVSS9.9AI score0.03292EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2024/09/04 12:0 a.m.13 views

WordPress Viral Signup Plugin <= 2.1 is vulnerable to SQL Injection

Software Viral Signup Type Plugin Vulnerable versions = 2.1 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-6926 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID bccf241bb1d7 Credits Project Black Required privilege Unauthenticated...

9.8CVSS6.8AI score0.03292EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2024/09/04 12:0 a.m.4 views

WordPress plugin Viral Signup 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

9.8CVSS7.6AI score0.03292EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/09/03 12:0 a.m.10 views

PT-2024-37964 · WordPress · Viral Signup

Name of the Vulnerable Software and Affected Versions: Viral Signup WordPress plugin versions 2.1 and earlier Description: The issue arises from the plugin's failure to properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated user...

9.8CVSS7.3AI score0.03292EPSS
Exploits1References8
Patchstack
Patchstack
added 2024/08/29 12:23 p.m.7 views

WordPress Viral Signup plugin <= 2.1 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Viral Signup versions = 2.1...

4.8CVSS6.1AI score0.00351EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2024/08/29 11:15 a.m.24 views

CVE-2024-6927

The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS0.00351EPSS
Exploits1References1
OSV
OSV
added 2024/08/29 11:15 a.m.6 views

CVE-2024-6927

The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00351EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/08/29 6:0 a.m.34 views

CVE-2024-6927 Viral Signup <= 2.1 - Admin+ Stored XSS

The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

0.00351EPSS
Exploits1References1
CVE
CVE
added 2024/08/29 6:0 a.m.52 views

CVE-2024-6927

CVE-2024-6927 concerns the Viral Signup WordPress plugin (

4.8CVSS4.9AI score0.00351EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2024/08/29 12:0 a.m.5 views

WordPress plugin Viral Signup 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.8CVSS6.7AI score0.00351EPSS
Exploits1References2
Patchstack
Patchstack
added 2024/08/29 12:0 a.m.9 views

WordPress Viral Signup Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS)

Software Viral Signup Type Plugin Vulnerable versions = 2.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6927 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 5b641fb65f6d Credits Bob Matyas Required privilege...

4.8CVSS5.8AI score0.00351EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/08/28 12:0 a.m.6 views

PT-2024-37965 · WordPress · Viral Signup

Name of the Vulnerable Software and Affected Versions: Viral Signup WordPress plugin versions 2.1 and earlier Description: The issue concerns the Viral Signup WordPress plugin, which does not properly sanitise and escape some of its settings. This could allow high-privilege users, such as...

4.8CVSS5.6AI score0.00351EPSS
Exploits1References8
0day.today
0day.today
added 2017/04/25 12:0 a.m.40 views

WordPress Wow Viral Signups 2.1 Plugin - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Wow Viral Signups v2.1 WordPress Plugin SQL Injection Date: 29/03/2017 Exploit Author: TAD GROUP Vendor Homepage: http://wow-company.com/ Software Link: https://wordpress.org/plugins/mwp-viral-signup/ Version: 2.1 Contact:...

6.7AI score
Exploits0
Rows per page
Query Builder