CVE-2026-9065
SureCart versions prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters ('modelname', 'modelid', 'integrationid', 'provider') on the REST API endpoint '/surecart/v1/integrations/id'. The root cause is a flawed escaping bypass in the query builder 'wp-query-builder'...
CVE-2026-9065
SureCart
Exploit for Code Injection in Lubus Wp_Query_Console
Introduction Handy tool for developers to quickly test vario...
Linux Distros Unpatched Vulnerability : CVE-2022-21661
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there...
WordPress Query Wrangler plugin <= 1.5.54 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nguyen Thi Huyen Trang - Skalucy in WordPress Plugin Query Wrangler versions <= 1.5.54...
WordPress Relevanssi Live Ajax Search plugin <= 2.4 - Unauthenticated WP_Query Argument Injection vulnerability
Unauthenticated WP_Query Argument Injection vulnerability discovered by scottaglia in WordPress Plugin Relevanssi Live Ajax Search versions <= 2.4...
PT-2024-38427 · WordPress · Relevanssi Live Ajax Search
Name of the Vulnerable Software and Affected Versions: Relevanssi Live Ajax Search plugin for WordPress versions up to, and including, 2.4 Description: The issue is due to insufficient validation of input supplied via POST data in the search function, making it possible for unauthenticated...
The vulnerability of the WP_Query class in the WordPress content management system allows attackers to expose stored user credentials.
The vulnerability of the WP_Query class in the WordPress content management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to access and disclose stored user credentials...
CVE-2022-21661
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress...