6 matches found
CVE-2025-13391
The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO Premium plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'unicporemovefile' function in all versions up to, and including, 4.9.60. This makes it possible for...
CVE-2025-10175
The WP Links Page plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 4.9.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticat...
CVE-2025-10175 WP Links Page <= 4.9.6 - Authenticated (Subscriber+) SQL Injection
The WP Links Page plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 4.9.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticat...
Vulnerabilities fixed in phpMyAdmin
Two vulnerabilities have been fixed in phpMyAdmin. A remote malicious party could exploit the vulnerabilities to execute an SQL injection or Cross-Site Scripting XSS attack. To exploit the XSS vulnerability, the malicious party must create a persuade phpMyAdmin user to open a rogue URL. XSS can...
DEBIAN-CVE-2020-26935
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query...
DEBIAN-CVE-2020-26934
phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link...