15 matches found
CVE-2025-13000
The db-access WordPress plugin through 0.8.7 does not have authorization in an AJAX action, allowing any authenticated user, such as a subscriber, to perform SQLI attacks...
EUVD-2025-200190
The db-access WordPress plugin through 0.8.7 does not have authorization in an AJAX action, allowing any authenticated user, such as a subscriber, to perform SQLI attacks...
CVE-2025-13000
The db-access WordPress plugin through 0.8.7 does not have authorization in an AJAX action, allowing any authenticated user, such as a subscriber, to perform SQLI attacks...
CVE-2025-13000
CVE-2025-13000 concerns the WordPress plugin “db-access” up to version 0.8.7, where an insufficient authorization check in an AJAX action permits any authenticated user (including subscribers) to perform SQL injection. Supported details from connected sources confirm the root cause as missing aut...
CVE-2025-13000 DB Access <= 0.8.7 - Subscriber+ SQLi
The db-access WordPress plugin through 0.8.7 does not have authorization in an AJAX action, allowing any authenticated user, such as a subscriber, to perform SQLI attacks...
WordPress plugin db-access security vulnerability
WordPress db-access is the core part of the WordPress system that interacts with the database. WordPress db-access has an SQL injection vulnerability. The vulnerability stems from the lack of authorization for AJAX operations; an attacker can use this vulnerability by sending malicious SQL comman...
PT-2025-48642
Name of the Vulnerable Software and Affected Versions: db-access WordPress plugin versions through 0.8.7 Description: The db-access WordPress plugin does not have proper authorization for an AJAX action. This allows authenticated users, including those with subscriber privileges, to potentially...
CVE-2020-35202
Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS...
PT-2024-32549 · Unknown · Bit Form – Contact Form Plugin
Name of the Vulnerable Software and Affected Versions: Bit Form – Contact Form Plugin versions 2.13.11 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...
BIT-OPENFIRE-2020-35202
Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS...
SUSE CVE-2007-2692
The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges...
PT-2020-17291 · Ignite Realtime · Openfire
Name of the Vulnerable Software and Affected Versions: Ignite Realtime Openfire version 4.6.0 Description: The issue is related to a sql Stored XSS in the db-access.jsp file within the dbaccess plugin. Recommendations: For Ignite Realtime Openfire version 4.6.0, consider restricting access to the...
IBM Informix 12.10 DB-Access Buffer Overflow Exploit
IBM Informix DB-Access utility is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. The vulnerability is triggered by providing an overly long file parameter value inside a LOAD statement, which is used to inse...
SAP Hybris E-commerce Suite VirtualJDBC - Default Credentials
Application: SAP Hybris E-commerce Suite Versions Affected: SAP Hybris E-commerce Suite 5.1.0.3 Vendor URL: SAP Bugs: Default credentials Reported: 01.02.2016 Vendor response: 02.02.2016 Date of Public Advisory: 10.05.2016 Author: Alexey Tyurin ERPScan VULNERABILITY INFORMATION Class: CWE-259 Use...
mysql SECURITY INVOKER functions do not drop privileges
The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges...