138 matches found
CVE-2026-4352
The JetEngine plugin for WordPress is vulnerable to SQL Injection via the Custom Content Type CCT REST API search endpoint in all versions up to, and including, 3.8.6.1. This is due to the cctsearch parameter being interpolated directly into a SQL query string via sprintf without sanitization or...
CVE-2026-4352
The JetEngine plugin for WordPress is vulnerable to SQL Injection via the Custom Content Type CCT REST API search endpoint in all versions up to, and including, 3.8.6.1. This is due to the cctsearch parameter being interpolated directly into a SQL query string via sprintf without sanitization or...
CVE-2026-4352
The JetEngine plugin for WordPress is vulnerable to SQL Injection via the Custom Content Type CCT REST API search endpoint in all versions up to, and including, 3.8.6.1. This is due to the cctsearch parameter being interpolated directly into a SQL query string via sprintf without sanitization or...
CVE-2026-4352 JetEngine <= 3.8.6.1 - Unauthenticated SQL Injection via '_cct_search' Parameter
The JetEngine plugin for WordPress is vulnerable to SQL Injection via the Custom Content Type CCT REST API search endpoint in all versions up to, and including, 3.8.6.1. This is due to the cctsearch parameter being interpolated directly into a SQL query string via sprintf without sanitization or...
CVE-2026-4352 JetEngine <= 3.8.6.1 - Unauthenticated SQL Injection via '_cct_search' Parameter
The JetEngine plugin for WordPress is vulnerable to SQL Injection via the Custom Content Type CCT REST API search endpoint in all versions up to, and including, 3.8.6.1. This is due to the cctsearch parameter being interpolated directly into a SQL query string via sprintf without sanitization or...
PT-2026-32586
The JetEngine plugin for WordPress is vulnerable to SQL Injection via the Custom Content Type CCT REST API search endpoint in all versions up to, and including, 3.8.6.1. This is due to the cct search parameter being interpolated directly into a SQL query string via sprintf without sanitization or...
CVE-2022-41650
Missing Authorization vulnerability in Paul Custom Content by Country by Shield Security custom-content-by-country.This issue affects Custom Content by Country by Shield Security: from n/a through 3.1.2...
CVE-2022-41650
Missing Authorization vulnerability in Paul Custom Content by Country by Shield Security custom-content-by-country.This issue affects Custom Content by Country by Shield Security: from n/a through 3.1.2...
CVE-2022-41650 WordPress Custom Content by Country plugin <= 3.1.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Paul Custom Content by Country by Shield Security custom-content-by-country.This issue affects Custom Content by Country by Shield Security: from n/a through 3.1.2...
PT-2026-20208
Name of the Vulnerable Software and Affected Versions Custom Content by Country by Shield Security versions through 3.1.2 Description A missing authorization issue exists in Custom Content by Country by Shield Security. The issue allows unauthorized access. Recommendations Update Custom Content b...
CVE-2025-23869
Cross-Site Request Forgery CSRF vulnerability in shibulijack CJ Custom Content cj-custom-content allows Stored XSS.This issue affects CJ Custom Content: from n/a through = 2.0...
EUVD-2014-0061
Malware in sbrugna...
EUVD-2021-11737
Malware in sbrugna...
EUVD-2021-11738
Malware in sbrugna...
EUVD-2025-3196
Malicious code in bioql PyPI...
EUVD-2025-3490
Malicious code in bioql PyPI...
EUVD-2023-12401
Malicious code in bioql PyPI...
EUVD-2025-8751
Malicious code in bioql PyPI...
EUVD-2023-51181
Malicious code in bioql PyPI...
CVE-2023-0273
The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...