Lucene search
K

7 matches found

CNVD
CNVD
added 2025/09/02 12:0 a.m.3 views

WordPress iATS Online Forms plugin SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the WordPress iATS Online Forms plugin, which stems from a temporal SQL injection in the parameter order, which can be exploited by an...

6.5CVSS8.2AI score0.00278EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/08/29 9:41 p.m.5 views

WordPress iATS Online Forms plugin <= 1.2 - Authenticated (Contributor+) SQL Injection via order Parameter vulnerability

Authenticated Contributor+ SQL Injection via order Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin iATS Online Forms versions = 1.2...

6.5CVSS7.8AI score0.00278EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/08/29 5:15 a.m.3 views

CVE-2025-9441

The iATS Online Forms plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order' parameter in all versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

6.5CVSS0.00278EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/08/29 4:25 a.m.2 views

CVE-2025-9441 iATS Online Forms <= 1.2 - Authenticated (Contributor+) SQL Injection via order Parameter

The iATS Online Forms plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order' parameter in all versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

6.5CVSS6AI score0.00278EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/08/29 4:25 a.m.7 views

CVE-2025-9441 iATS Online Forms <= 1.2 - Authenticated (Contributor+) SQL Injection via order Parameter

The iATS Online Forms plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order' parameter in all versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

6.5CVSS0.00278EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/08/29 12:0 a.m.9 views

WordPress plugin iATS Online Forms SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the WordPress iATS Online Forms plugin, which stems from a temporal SQL injection in the parameter order, which can be exploited by an...

6.5CVSS8.1AI score0.00278EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/08/29 12:0 a.m.4 views

PT-2025-35191

Name of the Vulnerable Software and Affected Versions: iATS Online Forms plugin for WordPress versions up to and including 1.2 Description: The iATS Online Forms plugin for WordPress is susceptible to time-based SQL Injection via the order parameter. Insufficient escaping of user-supplied input a...

6.5CVSS6.5AI score0.00278EPSS
Exploits0References7
Rows per page
Query Builder