WordPress WP Data Access plugin <= 5.5.70 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Mukhlis Amien in WordPress Plugin WP Data Access versions = 5.5.70...

CVE-2026-35479

InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, any users who have staff access permissions can install plugins via the API, without requiring "superuser" account access. This level of permission requirement is out of alignment with other plugin actions such as...

CVE-2026-0557

The WP Data Access plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdaapp' shortcode in all versions up to, and including, 5.5.63 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2026-0557

The WP Data Access plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdaapp' shortcode in all versions up to, and including, 5.5.63 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2026-0557

CVE-2026-0557 correlates with a vulnerability in WordPress WordPress Data Access plugin (WP Data Access) ≤ 5.5.63, described as an authenticated stored cross-site scripting (XSS) flaw via the 'wpda_app' shortcode. The connected PatchStack entry confirms the affected product and the exact vulnerab...

EUVD-2025-200190

The db-access WordPress plugin through 0.8.7 does not have authorization in an AJAX action, allowing any authenticated users, such as subscriber to perform SQLI attacks...

CVE-2025-13000

The db-access WordPress plugin through 0.8.7 does not have authorization in an AJAX action, allowing any authenticated users, such as subscriber to perform SQLI attacks...

CVE-2025-13000 DB Access <= 0.8.7 - Subscriber+ SQLi

The db-access WordPress plugin through 0.8.7 does not have authorization in an AJAX action, allowing any authenticated users, such as subscriber to perform SQLI attacks...

WordPress plugin db-access 安全漏洞

WordPress db-access is the core part of the WordPress system that interacts with the database. WordPress db-access exists SQL injection vulnerability, the vulnerability stems from the lack of authorization for AJAX operations, an attacker can use this vulnerability by sending malicious SQL comman...

EUVD-2021-1385

Malware in sbrugna...

EUVD-2024-49886

Malicious code in bioql PyPI...

EUVD-2023-44169

Malicious code in bioql PyPI...

BentoML Detected

This is an informational plugin to inform the user that the scanner has detected a publicly accessible BentoML instance on the target application. BentoML is an open-source inference platform. This detection is included in the AI and LLM category. No source data...

CVE-2025-7504

The Friends plugin for WordPress is vulnerable to PHP Object Injection in version 3.5.1 via deserialization of untrusted input of the queryvars parameter This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is prese...

CVE-2020-35202

Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS...

WordPress plugin WP Data Access 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripti...

RHEL 7 : redhat-access-plugin (RHSA-2015:0840)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2015:0840 advisory. The Red Hat Support plug-in for Red Hat OpenStack is a Technology Preview feature which offers seamless integrated access to Red Hat subscription...

CVE-2022-43941

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference...

WordPress Member Access plugin <= 1.1.6 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure vulnerability

Unauthenticated Content Restriction Bypass to Sensitive Information Exposure vulnerability discovered by Francesco Carlucci in WordPress Plugin Member Access versions = 1.1.6...

CVE-2024-11290

The Member Access plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.6 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to...