WordPress CMS Commander plugin <= 2.288 - Authenticated (Custom+) SQL Injection via 'or_blogname' Parameter vulnerability

Authenticated Custom+ SQL Injection via 'orblogname' Parameter vulnerability discovered by WordFence in WordPress Plugin CMS Commander versions = 2.288...

CVE-2026-3334 CMS Commander <= 2.288 - Authenticated (Custom+) SQL Injection via 'or_blogname' Parameter

The CMS Commander plugin for WordPress is vulnerable to SQL Injection via the 'orblogname', 'orblogdescription', and 'oradminemail' parameters in all versions up to, and including, 2.288. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on th...

EUVD-2012-4295

Malware in sbrugna...

CVE-2012-4352

Multiple cross-site scripting XSS vulnerabilities in Stoneware webNetwork 6.1 before SP1 allow remote attackers to inject arbitrary web script or HTML via the blogName parameter to 1 community/blog.jsp or 2 community/blogSearch.jsp, the 3 calendarType or 4 monthNumber parameter to...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Stoneware webNetwork 6.1 before SP1 allow remote attackers to inject arbitrary web script or HTML via the blogName parameter to 1 community/blog.jsp or 2 community/blogSearch.jsp, the 3 calendarType or 4 monthNumber parameter to...