WordPress WP Data Access plugin <= 5.5.70 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Mukhlis Amien in WordPress Plugin WP Data Access versions = 5.5.70...

CVE-2026-0557

The WP Data Access plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdaapp' shortcode in all versions up to, and including, 5.5.63 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2026-0557

The WP Data Access plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdaapp' shortcode in all versions up to, and including, 5.5.63 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2026-0557

CVE-2026-0557 correlates with a vulnerability in WordPress WordPress Data Access plugin (WP Data Access) ≤ 5.5.63, described as an authenticated stored cross-site scripting (XSS) flaw via the 'wpda_app' shortcode. The connected PatchStack entry confirms the affected product and the exact vulnerab...

WordPress plugin WP Data Access 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripti...

CVE-2022-43941

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference...

CVE-2024-12428 WP Data Access – App, Table, Form and Chart Builder plugin <= 5.5.22 - Unauthenticated SQL Injection

The WP Data Access – App, Table, Form and Chart Builder plugin plugin for WordPress is vulnerable to SQL Injection via the 'orderuserlogindir' parameter in all versions up to, and including, 5.5.22 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

WordPress plugin WP Data Access SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

WordPress WP Data Access 5.3.7 Privilege Escalation Vulnerability

The Wordfence team responsibly disclosed an authenticated Privilege Escalation vulnerability in the WP Data Access plugin. On April 5, 2023 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in WP Data Access, a WordPress plugin...

WordPress plugin WP Data Access 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

CVE-2022-43941

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference...

CVE-2022-43771

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds...

Design/Logic Flaw

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds...

CVE-2022-43941 Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference...

PT-2023-2240 · Hitachi Vantara · Pentaho Business Analytics Server

Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.1 and 9.3.0.2, including 8.3.x Description: The issue is related to incorrect restriction of XML links to external objects, which can allow a remote attacker to conduct...

WordPress WP Data Access Plugin SQL Injection (CVE-2021-24866)

An SQL injection vulnerability exists in WordPress WP Data Access plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

WordPress WP Data Access plugin SQL injection vulnerability

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.The WordPress WP Data Access plugin has a SQL injection vulnerability in versions prior to 5.0.0, which stems from the...

WordPress和WordPress 插件 SQL注入漏洞

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.The WordPress WP Data Access plugin has a SQL injection vulnerability in versions prior to 5.0.0, which stems from the...