144 matches found
GHSA-72XP-P242-47P9 Symfony has a UrlGenerator Route-Requirement Bypass via Unanchored Regex Alternation → Off-Site //host URL Injection
Description Symfony routes can declare a requirements regex per path parameter, e.g. a route /locale/blog with requirements: locale: 'en|fr|de' . The Twig path / url helpers backed by UrlGenerator validate supplied parameter values against that regex before building the URL. UrlGenerator construc...
PT-2026-44134
Description Symfony routes can declare a requirements regex per path parameter, e.g. a route / locale/blog with requirements: locale: 'en|fr|de' . The Twig path / url helpers backed by UrlGenerator validate supplied parameter values against that regex before building the URL. UrlGenerator...
Malicious Package
Overview wm-plugin-create-iframe-capturing is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...
MAL-2026-4337 Malicious code in wm-plugin-create-iframe-capturing (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3b8f21008e1afe359d81b5a894a1b3977ba8a70993db9afc6f6d695cb37ab3f5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-49050
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through = 2.5...
CVE-2025-49055
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through = 2.5...
CVE-2025-49050
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through = 2.5...
CVE-2025-49055
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through = 2.5...
CVE-2025-49050 WordPress WP Lead Capturing Pages plugin <= 2.5 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through = 2.5...
CVE-2025-49055 WordPress WP Lead Capturing Pages plugin <= 2.5 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through = 2.5...
CVE-2025-49050 WordPress WP Lead Capturing Pages plugin <= 2.5 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through = 2.5...
CVE-2025-49055
CVE-2025-49055 targets the WordPress plugin WP Lead Capturing Pages (wp-lead-capture), with an Unauthenticated Blind SQL Injection due to improper neutralization of input in versions up to and including 2.5. This vulnerability is categorized with CVSS 3.1/8.9? No; per metrics, base score 9.8 (CRI...
CVE-2025-49050
CVE-2025-49050 describes an SQL Injection in the WordPress plugin WP Lead Capturing Pages (wp-lead-capture) up to version 2.5. The issue is Improper Neutralization of Special Elements in SQL Commands, enabling Blind SQL Injection. Public references (NVD/Patchstack/Red Hat) confirm the vulnerabili...
CVE-2025-49055 WordPress WP Lead Capturing Pages plugin <= 2.5 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through = 2.5...
CVE-2025-49055
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through = 2.5...
WordPress plugin WP Lead Capturing has a SQL injection vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-3971
Name of the Vulnerable Software and Affected Versions kamleshyadav WP Lead Capturing Pages versions through 2.5 Description The software contains a flaw due to improper neutralization of special elements within SQL commands, leading to a SQL Injection issue. This allows for Blind SQL Injection. T...
PT-2026-3972
Name of the Vulnerable Software and Affected Versions kamleshyadav WP Lead Capturing Pages versions through 2.5 Description The software contains a flaw related to improper handling of special characters within SQL queries, potentially allowing for SQL Injection. This could allow an attacker to...
WordPress WP Lead Capturing Pages plugin <= 2.5 - SQL Injection vulnerability
SQL Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin WP Lead Capturing Pages versions = 2.5...
WordPress WP Lead Capturing Pages plugin <= 2.5 - SQL Injection vulnerability
SQL Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin WP Lead Capturing Pages versions = 2.5...