208 matches found

OSV
added 2023/04/12 3:15 p.m., 1 views

CVE-2022-47605

Auth. SQL Injection vulnerability in Kunal Nagar Custom 404 Pro plugin = 3.7.0 versions...

CVSS 7.2, AI score 5.8
Exploits: 0, References: 1

Packet Storm
added 2023/04/10 12:0 a.m., 249 views

ChurchCRM 4.5.1 SQL Injection

Exploit Title: ChurchCRM 4.5.1 - Authenticated SQL Injection Date: 11-03-2023 Exploit Author: Arvandy Blog Post: https://github.com/arvandy/CVE/blob/main/CVE-2023-24787/CVE-2023-24787.md Software Link: https://github.com/ChurchCRM/CRM/releases Vendor Homepage: http://churchcrm.io/ Version: 4.5.1...

AI score 6.3
Exploits: 5

Exploit DB
added 2023/03/25 12:0 a.m., 207 views

NEX-Forms WordPress plugin < 7.9.7 - Authenticated SQLi

Exploit Title: NEX-Forms WordPress plugin =5.0.12 AND time-based blind query SLEEP Payload: page=nex-forms-dashboard&formid=1 AND SELECT 4715 FROM SELECTSLEEP5nPUi...

CVSS 8.8, AI score 8.8, EPSS 0.08041
Exploits: 5

OSV
added 2023/03/22 9:15 p.m., 0 views

CVE-2023-28660

The Events Made Easy WordPress Plugin, version = 2.3.14 is affected by an authenticated SQL injection vulnerability in the 'searchname' parameter in the emerecurrenceslist action...

CVSS 8.8, AI score 7.3
Exploits: 0, References: 1

Vulnrichment
added 2023/03/22 12:0 a.m., 6 views

CVE-2023-28660

The Events Made Easy WordPress Plugin, version = 2.3.14 is affected by an authenticated SQL injection vulnerability in the 'searchname' parameter in the emerecurrenceslist action...

AI score 8.9, EPSS 0.0109
Exploits: 2, References: 1

OSV
added 2023/03/06 4:15 p.m., 10 views

CVE-2023-24789

jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the building block report component...

CVSS 8.8, AI score 9.2
Exploits: 0, References: 1

Cvelist
added 2023/02/23 12:0 a.m., 15 views

CVE-2023-26325

The 'rxexportreview' action in the ReviewX WordPress Plugin, is affected by an authenticated SQL injection vulnerability in the 'filterValue' and 'selectedColumns' parameters...

AI score 9.2, EPSS 0.0143
Exploits: 2, References: 1

Wordfence Blog
added 2023/02/16 3:21 p.m., 160 views

Wordfence Intelligence CE Weekly Vulnerability Report (Feb 6, 2023 to Feb 12, 2023)

In case you missed it, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence Community Edition. This database is continuously updated, maintained, and populated by Wordfence's highly...

EPSS 0.16376
Exploits: 17

Vulnrichment
added 2023/01/23 2:31 p.m., 9 views

CVE-2022-4230 WP Statistics < 13.2.9 - Authenticated SQLi

The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manage_options capability (admin+), however the plugin has a settings to allow low...

AI score 8, EPSS 0.01397
Exploits: 2, References: 1

OSV
added 2023/01/20 7:15 p.m., 0 views

CVE-2023-23492

The Login with Phone Number WordPress Plugin, version 1.4.2, is affected by an authenticated SQL injection vulnerability in the 'ID' parameter of its 'lwpforgotpassword' action...

CVSS 8.8, AI score 7.3, EPSS 0.85243
Exploits: 2, References: 1

Vulnrichment
added 2023/01/20 12:0 a.m., 6 views

CVE-2023-23492

The Login with Phone Number WordPress Plugin, version 1.4.2, is affected by an authenticated SQL injection vulnerability in the 'ID' parameter of its 'lwpforgotpassword' action...

AI score 9.1, EPSS 0.85243
Exploits: 2, References: 1

OSV
added 2023/01/17 5:15 a.m., 2 views

CVE-2022-43462

Auth. SQL Injection (SQLi) vulnerability in Adeel Ahmed's IP Blacklist Cloud plugin = 5.00 versions...

CVSS 7.2, AI score 5.8
Exploits: 0, References: 1

WPVulnDB
added 2022/12/12 12:0 a.m., 20 views

Web Invoice <= 2.1.3 - Authenticated SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection exploitable by high privilege users such as admin by default. However, depending on the plugin configuration, other users, such as subscriber, could exploit this as well. PoC...

CVSS 7.2, AI score 1, EPSS 0.00587
Exploits: 2, References: 1, Affected Software: 1

CVE
added 2022/11/22 12:0 a.m., 51 views

CVE-2022-37773

Maarch RM 2.8 is affected by an authenticated SQL Injection on the statistics page, specifically /statistics/retrieve, via the filter parameter. The vulnerability enables complete disclosure of all databases. Several connected sources confirm the issue but do not provide a confirmed fix version; ...

CVSS 6.5, AI score 6.9, EPSS 0.00635
Exploits: 1, References: 2, Affected Software: 1

Vulnrichment
added 2022/11/22 12:0 a.m., 7 views

CVE-2022-37773

An authenticated SQL Injection vulnerability in the statistics page /statistics/retrieve of Maarch RM 2.8, via the filter parameter, allows the complete disclosure of all databases...

AI score 6.8, EPSS 0.00635
Exploits: 1, References: 2

Patchstack
added 2022/10/03 12:0 a.m., 27 views

WordPress WP ALL Export Pro premium plugin <= 1.7.8 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection (SQLi) vulnerability discovered by Sanjay Das in WordPress WP ALL Export Pro premium plugin versions <= 1.7.8. Solution: Update the WordPress WP ALL Export Pro plugin to the latest available version (at least 1.7.9)...

CVSS 8.8, AI score 2.4, EPSS 0.00679
Exploits: 2, References: 1, Affected Software: 1

OSV
added 2022/09/19 2:15 p.m., 1 views

CVE-2022-3141

The Translate Multilingual sites WordPress plugin before 2.3.3 is vulnerable to an authenticated SQL injection. By adding a new language via the settings page containing specific special characters, the backticks in the SQL query can be surpassed and a time-based blind payload can be injected...

CVSS 8.8, AI score 5.8, EPSS 0.0386
Exploits: 5, References: 3

Cvelist
added 2022/09/19 12:0 a.m., 17 views

CVE-2022-3141 Translatepress Multilinugal < 2.3.3 - Admin+ SQLi

The Translate Multilingual sites WordPress plugin before 2.3.3 is vulnerable to an authenticated SQL injection. By adding a new language via the settings page containing specific special characters, the backticks in the SQL query can be surpassed and a time-based blind payload can be injected...

AI score 9.2, EPSS 0.0386
Exploits: 5, References: 3

WPVulnDB
added 2022/07/23 12:0 a.m., 28 views

Translatepress Multilinugal < 2.3.3 - Admin+ SQLi

The plugin is vulnerable to an authenticated SQL injection. By adding a new language via the settings page containing specific special characters, the backticks in the SQL query can be surpassed and a time-based blind payload can be injected. PoC To exploit the vulnerability, someone must send a...

CVSS 8.8, AI score 3.8, EPSS 0.0386
Exploits: 5, References: 2, Affected Software: 1

OSV
added 2022/07/22 5:15 p.m., 1 views

CVE-2022-33960

Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in Social Share Buttons by Supsystic plugin = 2.2.3 at WordPress...

CVSS 8.8, AI score 5.8, EPSS 0.00663
Exploits: 0, References: 2