48 matches found
WordPress plugin WPGancio cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site...
EUVD-2025-27156
Malicious code in bioql PyPI...
EUVD-2024-51967
Malicious code in bioql PyPI...
CVE-2018-25115
Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from...
CVE-2018-25115
Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from...
VulnCheck KEV: CVE-2018-13350
SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL queries via the "Event" parameter...
CVE-2025-0853
The PGS Core plugin for WordPress is vulnerable to SQL Injection via the 'event' parameter in the 'saveheaderbuilder' function in all versions up to, and including, 5.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2025-0853
The PGS Core plugin for WordPress is vulnerable to SQL Injection via the 'event' parameter in the 'saveheaderbuilder' function in all versions up to, and including, 5.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2025-0853
CVE-2025-0853: PGS Core WordPress plugin
CVE-2024-11135
The Eventer plugin for WordPress is vulnerable to SQL Injection via the 'event' parameter in the 'eventergetattendees' function in all versions up to, and including, 3.9.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Thi...
CVE-2024-11135
The Eventer plugin for WordPress is vulnerable to SQL Injection via the 'event' parameter in the 'eventergetattendees' function in all versions up to, and including, 3.9.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Thi...
WordPress plugin Eventer SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
PT-2025-1624 · WordPress · Eventer
Name of the Vulnerable Software and Affected Versions: Eventer plugin for WordPress versions up to, and including, 3.9.8 Description: The issue concerns a SQL injection vulnerability via the event parameter in the eventer get attendees function. This vulnerability is due to insufficient escaping ...
CVE-2024-53438
EventAttendance.php in ChurchCRM 5.7.0 is vulnerable to SQL injection. An attacker can exploit this vulnerability by manipulating the 'Event' parameter, which is directly interpolated into the SQL query without proper sanitization or validation, allowing attackers to execute arbitrary SQL command...
CVE-2024-53438
CVE-2024-53438 affects ChurchCRM 5.7.0, with the EventAttendance.php SQL injection due to unsanitized interpolation of the Event parameter into the query. This constitutes a high-severity issue (CVE description and multiple sources confirm arbitrary SQL execution potential). The connected documen...
PT-2024-35740 · Churchcrm · Churchcrm
Name of the Vulnerable Software and Affected Versions: ChurchCRM version 5.7.0 Description: The issue is related to SQL injection in the EventAttendance.php file. An attacker can exploit this by manipulating the Event parameter, which is directly interpolated into the SQL query without proper...
CVE-2023-30014
SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via subeventid parameter in subeventstatupdate.php...
ChurchCRM 4.5.1 - Authenticated SQL Injection Exploit
Exploit Title: ChurchCRM 4.5.1 - Authenticated SQL Injection Exploit Author: Arvandy Blog Post: https://github.com/arvandy/CVE/blob/main/CVE-2023-24787/CVE-2023-24787.md Software Link: https://github.com/ChurchCRM/CRM/releases Vendor Homepage: http://churchcrm.io/ Version: 4.5.1 Tested on: Window...
CVE-2023-24685
ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the Event parameter under the Event Attendance reports module...
ChurchCRM SQL injection vulnerability
ChurchCRM is an open source CRM system for churches. A security vulnerability exists in ChurchCRM v4.5.3 and earlier versions that stems from the presence of a SQL injection vulnerability via the Event parameter...