Lucene search
6 matches found

Vulnrichment
added 2026/05/20 2:27 a.m., 6 views

CVE-2026-9010 Boost <= 2.0.3 - Unauthenticated Blind SQL Injection via Multiple Parameters

The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'currenturl' and 'username' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes i...

CVSS 7.5 | AI score 5.9 | EPSS 0.00366
Exploits 0 | References 2
Cvelist
added 2026/05/20 2:27 a.m., 40 views

CVE-2026-9010 Boost <= 2.0.3 - Unauthenticated Blind SQL Injection via Multiple Parameters

The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'currenturl' and 'username' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes i...

CVSS 7.5 | EPSS 0.00366
Exploits 0 | References 2
EUVD
added 2026/05/20 2:27 a.m., 9 views

EUVD-2026-31044

The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'currenturl' and 'username' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes i...

CVSS 7.5 | AI score 5.9 | EPSS 0.00366
Exploits 0 | References 2
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2008-3192

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.01465
Exploits 1 | References 5
RedhatCVE
added 2025/05/23 10:2 a.m., 4 views

CVE-2024-29832

The currenturl parameter of the AJAX call to the GalleryBox action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the currenturl parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. No...

CVSS 6.1 | AI score 7 | EPSS 0.00446
Exploits 1 | References 1
CVE
added 2014/01/08 3:0 p.m., 38 views

CVE-2013-7276

The CVE-2013-7276 entry concerns the WordPress plugin “Recommend to a friend” (plugin version 2.0.2) with a reflected XSS in inc/raf_form.php via the current_url parameter. The underlying cause is that user-supplied current_url is reflected, allowing remote attackers to inject arbitrary script/HT...

CVSS 4.3 | AI score 5.9 | EPSS 0.0238
Exploits 1 | References 4 | Affected Software 1