YesWiki SQL注入漏洞

YesWiki is a wiki system built with PHP, developed by the French organization YesWiki. It is used for creating and managing websites in a collaborative manner. Versions of YesWiki prior to 4.6.1 had a SQL injection vulnerability. This vulnerability stemmed from the direct concatenation of the...

CVE-2026-4658

The CVE-2026-4658 entry concerns the WordPress plugin Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates (Add-to-Cart block). Affected: all versions up to 6.0.4. Root cause: insufficient output escaping in render_callback() where class and data-id attributes are built via raw ...

LDAP Injection

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to LDAP Injection via unsanitized input in the authData.id parameter during the construction of LDAP Distinguished Names and...

EUVD-2007-4362

Malware in sbrugna...

CVE-2025-10726

The WPRecovery plugin for WordPress is vulnerable to SQL Injection via the 'dataid' parameter in all versions up to, and including, 2.0. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

EUVD-2025-32285

Malicious code in bioql PyPI...

CVE-2025-10726

The WPRecovery plugin for WordPress is vulnerable to SQL Injection via the 'dataid' parameter in all versions up to, and including, 2.0. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVE-2025-10726

CVE-2025-10726 (WPRecovery) affects WordPress WPRecovery plugin up to version 2.0. It describes an unauthenticated SQL Injection via data[id] that can cause leakage of sensitive data and, via the query result being passed to unlink(), arbitrary file deletion on the server. The Wordfence report co...

PT-2025-40475

Name of the Vulnerable Software and Affected Versions WPRecovery versions prior to 2.1 Description The WPRecovery plugin for WordPress is affected by a SQL Injection issue due to insufficient input validation and preparation of SQL queries. Specifically, the dataid parameter is vulnerable. This...

CVE-2024-13341

The MultiLoca - WooCommerce Multi Locations Inventory Management plugin for WordPress is vulnerable to SQL Injection via the 'data-id' parameter in all versions up to, and including, 4.1.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVE-2024-13341

The MultiLoca - WooCommerce Multi Locations Inventory Management plugin for WordPress is vulnerable to SQL Injection via the 'data-id' parameter in all versions up to, and including, 4.1.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

WordPress plugin MultiLoca - WooCommerce Multi Locations Inventory Management SQL注入漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress plugin MultiLoca - WooCommerce Multi Locations Inventory Management A SQL...

Oqtane Framework 安全漏洞

Oqtane Framework is an open source content management system CMS and application framework from Oqtane Open Source. A security vulnerability exists in Oqtane Framework version 6.0.0 and earlier, which stems from an endpoint that does not enforce sufficient authorization checks to validate that a...

PT-2024-26290 · Idccms · Idccms

Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: The issue is related to a Cross-Site Request Forgery CSRF in the /admin/banner deal.php component. The mudi, dataType, dataTypeCN, theme, and dataID parameters are involved. This allows for unauthorized action...

Vulnerability fixed in Cacti

Vulnerabilities have been fixed in Cacti. The vulnerabilities allow a malicious party to access system data and to execute arbitrary code under the user's privileges. An unauthenticated malicious party can gain access to the remoteagent.php file. By bypassing the authentication of this file...

CVE-2021-24901

The Security Audit WordPress plugin through 1.0.0 does not sanitise and escape the Data Id setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVE-2021-24901

The Security Audit WordPress plugin through 1.0.0 does not sanitise and escape the Data Id setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

Cross site scripting

The Security Audit WordPress plugin through 1.0.0 does not sanitise and escape the Data Id setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVE-2021-24901

The CVE-2021-24901 affects the WordPress Security Audit plugin (versions ≤ 1.0.0). Root cause: the Data Id setting is not sanitized/escaped, enabling stored XSS. Impact: stored client-side code execution; attack could occur even if unfiltered_html is disallowed. Public exploit details exist (payl...

Security Audit <= 1.0.0 - Admin+ Stored Cross Site Scripting

The plugin does not sanitise and escape the Data Id setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Put the following payload in the Data ID setting of the plugin...