14 matches found
CVE-2026-2495
The WPNakama – Team and multi-Client Collaboration, Editorial and Project Management plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the '/wp-json/WPNakama/v1/boards' REST API endpoint in all versions up to, and including, 0.6.5. This is due to insufficient escapi...
CVE-2026-2495 WPNakama <= 0.6.5 - Unauthenticated SQL Injection via 'order' REST API Parameter
The WPNakama – Team and multi-Client Collaboration, Editorial and Project Management plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the '/wp-json/WPNakama/v1/boards' REST API endpoint in all versions up to, and including, 0.6.5. This is due to insufficient escapi...
CVE-2026-2495 WPNakama <= 0.6.5 - Unauthenticated SQL Injection via 'order' REST API Parameter
The WPNakama – Team and multi-Client Collaboration, Editorial and Project Management plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the '/wp-json/WPNakama/v1/boards' REST API endpoint in all versions up to, and including, 0.6.5. This is due to insufficient escapi...
CVE-2026-2495
CVE-2026-2495 (WPNakama) is an unauthenticated SQL Injection in the WordPress plugin WPNakama – Team and multi-Client Collaboration, Editorial and Project Management. Affects versions up to and including 0.6.5, via the order parameter of the /wp-json/WPNakama/v1/boards REST API endpoint. The vuln...
WordPress WPNakama plugin <= 0.6.5 - Unauthenticated SQL Injection via 'order' REST API Parameter vulnerability
Unauthenticated SQL Injection via 'order' REST API Parameter vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin WPNakama versions = 0.6.5...
PT-2026-20366
Name of the Vulnerable Software and Affected Versions WPNakama – Team and multi-Client Collaboration, Editorial and Project Management plugin for WordPress versions up to and including 0.6.5 Description The WPNakama plugin for WordPress is susceptible to SQL Injection due to inadequate input...
WordPress plugin WPNakama SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2025-14068
The WPNakama plugin for WordPress is vulnerable to time-based SQL Injection via the 'orderby' parameter in all versions up to, and including, 0.6.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-14068
The WPNakama plugin for WordPress is vulnerable to time-based SQL Injection via the 'orderby' parameter in all versions up to, and including, 0.6.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-14068 WPNakama <= 0.6.3 - Unauthenticated SQL Injection via 'order_by' Parameter
The WPNakama plugin for WordPress is vulnerable to time-based SQL Injection via the 'orderby' parameter in all versions up to, and including, 0.6.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-14068
The CVE-2025-14068 entry affects the WPNakama WordPress plugin (team/multi-client collaboration and project management tooling). The vulnerability is an unauthenticated time-based SQL Injection via the order_by parameter in all versions up to 0.6.3, caused by insufficient escaping of user input a...
WordPress WPNakama plugin <= 0.6.3 - Unauthenticated SQL Injection via 'order_by' Parameter vulnerability
Unauthenticated SQL Injection via 'orderby' Parameter vulnerability discovered by WordFence in WordPress Plugin WPNakama versions = 0.6.3...
WordPress plugin WPNakama SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL...
PT-2025-50892
Name of the Vulnerable Software and Affected Versions WPNakama plugin for WordPress versions up to and including 0.6.3 Description The WPNakama plugin for WordPress is susceptible to time-based SQL Injection through the order by parameter. Insufficient escaping of user-supplied input and inadequa...