CVE-2026-9065

SureCart version prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters 'modelname', 'modelid', 'integrationid', 'provider' on the REST API endpoint '/surecart/v1/integrations/id'. The root cause is a flawed escaping bypass in the query builder 'wp-query-builder'...

CVE-2026-9065

SureCart

Exploit for Code Injection in Lubus Wp_Query_Console

Introduction Handy tool for developers to quickly test vario...

Linux Distros Unpatched Vulnerability : CVE-2022-21661

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WPQuery, there...

WordPress Query Wrangler plugin <= 1.5.54 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Thi Huyen Trang - Skalucy in WordPress Plugin Query Wrangler versions = 1.5.54...

WordPress Relevanssi Live Ajax Search plugin <= 2.4 - Unauthenticated WP_Query Argument Injection vulnerability

Unauthenticated WPQuery Argument Injection vulnerability discovered by scottaglia in WordPress Plugin Relevanssi Live Ajax Search versions = 2.4...

PT-2024-38427 · WordPress · Relevanssi Live Ajax Search

Name of the Vulnerable Software and Affected Versions: Relevanssi Live Ajax Search plugin for WordPress versions up to, and including, 2.4 Description: The issue is due to insufficient validation of input supplied via POST data in the search function, making it possible for unauthenticated...

CVE-2022-21661

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WPQuery, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress...