
10 matches found

RedhatCVE
added 2025/10/04 11:53 a.m. · 2 views

CVE-2025-10726

The WPRecovery plugin for WordPress is vulnerable to SQL Injection via the 'dataid' parameter in all versions up to, and including, 2.0. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

9.1 CVSS · 7.3 AI score · 0.00203 EPSS
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-32285

Malicious code in bioql PyPI...

9.1 CVSS · 6.6 AI score · 0.00203 EPSS
Exploits 0 · References 6
NVD
added 2025/10/03 12:15 p.m. · 3 views

CVE-2025-10726

The WPRecovery plugin for WordPress is vulnerable to SQL Injection via the 'dataid' parameter in all versions up to, and including, 2.0. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

9.1 CVSS · 0.00203 EPSS
Exploits 0 · References 5
CVE
added 2025/10/03 11:17 a.m. · 8 views

CVE-2025-10726

CVE-2025-10726 (WPRecovery) affects WordPress WPRecovery plugin up to version 2.0. It describes an unauthenticated SQL Injection via data[id] that can cause leakage of sensitive data and, via the query result being passed to unlink(), arbitrary file deletion on the server. The Wordfence report co...

9.1 CVSS · 6.8 AI score · 0.00203 EPSS
Exploits 0 · References 5
Positive Technologies
added 2025/10/03 12:0 a.m. · 1 views

PT-2025-40475

Name of the Vulnerable Software and Affected Versions: WPRecovery versions prior to 2.1. Description: The WPRecovery plugin for WordPress is affected by a SQL Injection issue due to insufficient input validation and preparation of SQL queries. Specifically, the dataid parameter is vulnerable. This...

9.1 CVSS · 7.5 AI score · 0.00203 EPSS
Exploits 0 · References 10
RedhatCVE
added 2025/05/23 7:34 a.m. · 4 views

CVE-2024-13341

The MultiLoca - WooCommerce Multi Locations Inventory Management plugin for WordPress is vulnerable to SQL Injection via the 'data-id' parameter in all versions up to, and including, 4.1.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5 CVSS · 7.3 AI score · 0.00066 EPSS
Exploits 0 · References 1
OSV
added 2025/02/01 7:15 a.m. · 0 views

CVE-2024-13341

The MultiLoca - WooCommerce Multi Locations Inventory Management plugin for WordPress is vulnerable to SQL Injection via the 'data-id' parameter in all versions up to, and including, 4.1.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5 CVSS · 5.8 AI score
Exploits 0 · References 2
Positive Technologies
added 2024/05/14 12:0 a.m. · 1 views

PT-2024-26290 · Idccms · Idccms

Name of the Vulnerable Software and Affected Versions: idccms version 1.35. Description: The issue is related to a Cross-Site Request Forgery (CSRF) in the /admin/banner deal.php component. The mudi, dataType, dataTypeCN, theme, and dataID parameters are involved. This allows for unauthorized action...

8.8 CVSS · 6.8 AI score · 0.00345 EPSS
Exploits 1 · References 3
CNVD
added 2019/01/15 12:0 a.m. · 2 views

idreamsoft iCMS SQL Injection Vulnerability (CNVD-2019-12126)

iCMS is an efficient and simple content management system built with PHP and MySQL. A SQL injection vulnerability exists in idreamsoft iCMS 7.0.13, which can be exploited by remote attackers to execute SQL commands with the help of the 'dataid' parameter...

9.8 CVSS · 8.5 AI score · 0.00307 EPSS
Exploits 1 · References 1
OSV
added 2019/01/14 2:29 p.m. · 2 views

CVE-2019-6259

An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article/article.admincp.php dataid parameter...

9.8 CVSS · 7.4 AI score · 0.00307 EPSS
Exploits 1 · References 1