
97 matches found

NVD
added 2025/09/10 7:15 a.m. · 4 views

CVE-2025-9943

An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider (SP) is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...

9.1 CVSS · 0.00257 EPSS
Exploits: 0 · References: 5
Positive Technologies
added 2025/09/10 12:00 a.m. · 2 views

PT-2025-37025

Name of the Vulnerable Software and Affected Versions: Shibboleth Service Provider versions through 3.5.0
Description: An SQL injection vulnerability exists in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider (SP) is configured to use an SQL database ...

9.1 CVSS · 7.6 AI score · 0.00257 EPSS
Exploits: 0 · References: 12
RedhatCVE
added 2025/05/23 5:14 a.m. · 4 views

CVE-2023-41863

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Pepro Dev. Group PeproDev CF7 Database plugin = 1.7.0 versions...

7.1 CVSS · 5.6 AI score · 0.00083 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 3:59 p.m. · 5 views

CVE-2020-2240

A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to execute arbitrary SQL scripts...

8.8 CVSS · 7.9 AI score · 0.00199 EPSS
Exploits: 0
RedhatCVE
added 2025/05/22 3:20 p.m. · 6 views

CVE-2020-2241

A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to connect to an attacker-specified database server using attacker-specified credentials...

8.8 CVSS · 6.8 AI score · 0.00433 EPSS
Exploits: 0
RedhatCVE
added 2025/05/22 7:40 a.m. · 5 views

CVE-2019-1003075

Jenkins Audit to Database Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

8.8 CVSS · 6.7 AI score · 0.00078 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 7:01 a.m. · 3 views

CVE-2019-1003076

A cross-site request forgery vulnerability in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpldoTestJdbcConnection form validation method allows attackers to initiate a connection to an attacker-specified server...

6.5 CVSS · 6.6 AI score · 0.00128 EPSS
Exploits: 0 · References: 1
OSV
added 2025/05/15 8:15 p.m. · 2 views

CVE-2024-8702

The Backup Database WordPress plugin through 4.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

4.8 CVSS · 5.8 AI score · 0.00225 EPSS
Exploits: 1 · References: 1
Vulnrichment
added 2025/05/15 8:07 p.m. · 8 views

CVE-2024-8702 Backup Database <= 4.9 - Admin+ Stored XSS

The Backup Database WordPress plugin through 4.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

5.7 AI score · 0.00225 EPSS
Exploits: 1 · References: 1
Positive Technologies
added 2025/05/15 12:00 a.m. · 3 views

PT-2025-21533 · WordPress · Database Backup

Name of the Vulnerable Software and Affected Versions: Backup Database WordPress plugin versions prior to 4.9
Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not properly sanitised and...

4.8 CVSS · 4.6 AI score · 0.00225 EPSS
Exploits: 1 · References: 3
CNNVD
added 2025/01/22 12:00 a.m. · 1 views

WordPress plugin WPDB to Sql security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

7.5 CVSS · 8 AI score · 0.00301 EPSS
Exploits: 0 · References: 2
CVE
added 2025/01/07 10:48 a.m. · 54 views

CVE-2025-22351

CVE-2025-22351 refers to an SQL injection in the WordPress plugin Contact Form 7 Database – CFDB7. The vulnerability arises from improper neutralization of special elements used in SQL commands, enabling an authenticated attacker to craft payloads that could alter or read database data. Affected...

7.6 CVSS · 7.3 AI score · 0.00123 EPSS
Exploits: 0 · References: 1
Patchstack
added 2025/01/03 2:36 p.m. · 2 views

WordPress Contact Form 7 Database – CFDB7 plugin <= 1.0.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Contact Form 7 Database – CFDB7 versions <= 1.0.0...

7.6 CVSS · 8.1 AI score · 0.00123 EPSS
Exploits: 0 · Affected Software: 1
OSV
added 2024/12/01 5:01 p.m. · 7 views

OPENSUSE-SU-2024:0384-1 Security update for zabbix

This update for zabbix fixes the following issues: Zabbix was updated to 6.0.33: - this version fixes CVE-2024-36461 and CVE-2024-22114 - New Features and Improvements + ZBXNEXT-9000 Changed query table for ASM disk group metrics in Oracle Database plugin and Oracle by ODBC template Agent Templat...

9.1 CVSS · 9.2 AI score · 0.00725 EPSS
Exploits: 0 · References: 5
WPVulnDB
added 2024/04/23 12:00 a.m. · 13 views

PeproDev CF7 Database <= 1.8.0 - Cross-Site Request Forgery

Description: The PeproDev CF7 Database plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.0. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unkno...

4.3 CVSS · 4.4 AI score · 0.00147 EPSS
Exploits: 0 · References: 1
Patchstack
added 2024/04/16 6:21 p.m. · 2 views

WordPress PeproDev CF7 Database plugin <= 1.8.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by FearZzZz Patchstack Alliance in WordPress Plugin PeproDev CF7 Database versions <= 1.8.0...

4.3 CVSS · 7 AI score · 0.00147 EPSS
Exploits: 0 · Affected Software: 1
Prion
added 2023/11/09 11:15 p.m. · 14 views

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin = 2.4.9 versions...

6.8 CVSS · 7.2 AI score · 0.00053 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
CVE
added 2023/11/09 10:40 p.m. · 33 views

CVE-2023-31235

CVE-2023-31235 affects the WordPress Participants Database plugin (versions

8.8 CVSS · 8.9 AI score · 0.00053 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
NVD
added 2023/10/31 3:15 p.m. · 16 views

CVE-2023-36508

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress contact-form-to-db allows SQL Injection. This issue affects Contact Form to DB by BestWebSoft – Messages Databa...

9.8 CVSS · 9.8 AI score · 0.00319 EPSS
Exploits: 0 · References: 1
WPVulnDB
added 2023/10/31 12:00 a.m. · 23 views

Contact Form to DB by BestWebSoft < 1.7.2 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress contact-form-to-db allows SQL Injection. This issue affects Contact Form to DB by BestWebSoft –...

9.8 CVSS · 7.2 AI score · 0.00319 EPSS
Exploits: 0 · Affected Software: 1