12 matches found
WordPress Create DB Tables plugin <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Database Table Creation/Deletion vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Database Table Creation/Deletion vulnerability discovered by theviper17y in WordPress Plugin Create DB Tables versions <= 1.2.1...
CVE-2026-4119 Create DB Tables <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Database Table Creation/Deletion via admin-post.php
The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 1.2.1. The plugin registers adminpost action hooks for creating tables adminpostaddtable and deleting tables adminpostdeletedbtable without implementing any capability checks via...
CVE-2025-27271
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alberto Cocchiara DB Tables Import/Export db-tables-importexport allows Reflected XSS. This issue affects DB Tables Import/Export: from n/a through <= 1.0.1...
CVE-2025-27271 WordPress DB Tables Import/Export Plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alberto Cocchiara DB Tables Import/Export db-tables-importexport allows Reflected XSS. This issue affects DB Tables Import/Export: from n/a through <= 1.0.1...
CVE-2025-27271 WordPress DB Tables Import/Export Plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alberto Cocchiara DB Tables Import/Export db-tables-importexport allows Reflected XSS. This issue affects DB Tables Import/Export: from n/a through <= 1.0.1...
WordPress plugin DB Tables Import/Export cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2024-22856
A SQL injection vulnerability via the Save Favorite Search function in Axefinance Axe Credit Portal >= v.3.0 allows authenticated attackers to execute unintended queries and disclose sensitive information from DB tables via crafted requests...
CVE-2024-22856
The CVE-2024-22856 issue affects Axefinance Axe Credit Portal (>= v3.0). Multiple sources confirm a SQL injection vulnerability originating from the Save Favorite Search feature, allowing authenticated attackers to execute unintended queries and expose data from database tables through crafted...
CVE-2022-4553
The FL3R FeelBox WordPress plugin through 8.1 does not have a CSRF check when resetting moods, which could allow attackers to make logged-in admins perform such action via a CSRF attack and delete the lydlposts & lydlpoststimestamp DB tables...
Cross-site request forgery (CSRF)
The FL3R FeelBox WordPress plugin through 8.1 does not have a CSRF check when resetting moods, which could allow attackers to make logged-in admins perform such action via a CSRF attack and delete the lydlposts & lydlpoststimestamp DB tables...
FL3R FeelBox <= 8.1 - Moods Reset via CSRF
The plugin does not have a CSRF check when resetting moods, which could allow attackers to make logged-in admins perform such action via a CSRF attack and delete the lydlposts & lydlpoststimestamp DB tables. PoC: Make a logged-in admin open a page containing the HTML code below...
Media Library Folders < 7.1.2 - Plugin Reset via CSRF
The plugin does not have a CSRF check when resetting its data, which could allow attackers to make a logged-in admin reset the plugin data, such as the DB tables, via a CSRF attack...