Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/02/19 1:28 p.m.5 views

CVE-2026-2495

The WPNakama – Team and multi-Client Collaboration, Editorial and Project Management plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the '/wp-json/WPNakama/v1/boards' REST API endpoint in all versions up to, and including, 0.6.5. This is due to insufficient escapi...

7.5CVSS5.9AI score0.00433EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/18 8:26 a.m.26 views

CVE-2026-2495 WPNakama <= 0.6.5 - Unauthenticated SQL Injection via 'order' REST API Parameter

The WPNakama – Team and multi-Client Collaboration, Editorial and Project Management plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the '/wp-json/WPNakama/v1/boards' REST API endpoint in all versions up to, and including, 0.6.5. This is due to insufficient escapi...

7.5CVSS0.00433EPSS
Exploits0References6
CVE
CVE
added 2026/02/18 8:26 a.m.12 views

CVE-2026-2495

CVE-2026-2495 (WPNakama) is an unauthenticated SQL Injection in the WordPress plugin WPNakama – Team and multi-Client Collaboration, Editorial and Project Management. Affects versions up to and including 0.6.5, via the order parameter of the /wp-json/WPNakama/v1/boards REST API endpoint. The vuln...

7.5CVSS5.9AI score0.00433EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/02/18 7:3 a.m.8 views

WordPress WPNakama plugin <= 0.6.5 - Unauthenticated SQL Injection via 'order' REST API Parameter vulnerability

Unauthenticated SQL Injection via 'order' REST API Parameter vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin WPNakama versions = 0.6.5...

7.5CVSS5.9AI score0.00433EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.11 views

PT-2026-20366

Name of the Vulnerable Software and Affected Versions WPNakama – Team and multi-Client Collaboration, Editorial and Project Management plugin for WordPress versions up to and including 0.6.5 Description The WPNakama plugin for WordPress is susceptible to SQL Injection due to inadequate input...

7.5CVSS5.6AI score0.00433EPSS
Exploits0References12
Patchstack
Patchstack
added 2025/12/12 5:48 a.m.8 views

WordPress WPNakama plugin <= 0.6.3 - Unauthenticated SQL Injection via 'order_by' Parameter vulnerability

Unauthenticated SQL Injection via 'orderby' Parameter vulnerability discovered by WordFence in WordPress Plugin WPNakama versions = 0.6.3...

7.5CVSS7.8AI score0.00336EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/12/12 12:0 a.m.3 views

WordPress plugin WPNakama SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL...

7.5CVSS7.5AI score0.00336EPSS
Exploits0References7
Rows per page
Query Builder