Lucene search
K

192 matches found

NVD
NVD
added 5 days ago9 views

CVE-2026-15300

The GEO my WP plugin for WordPress was vulnerable to SQL Injection via the 'distance', 'lat', and 'lng' parameters in versions up to, and including, 4.5.4. The values were read from $SERVER'QUERYSTRING' via parsestr bypassing wpmagicquotes, which does not cover $SERVER, then passed through bare...

9.1CVSS0.00349EPSS
Exploits0References6
CVE
CVE
added 5 days ago10 views

CVE-2026-15300

CVE-2026-15300 affects the GEO my WP WordPress plugin up to version 4.5.4. An SQL injection exists via the distance, lat, and lng parameters. Values are read from $_SERVER['QUERY_STRING'] with parse_str(), then passed through bare esc_sql() and interpolated into unquoted numeric positions in the ...

9.1CVSS6AI score0.00349EPSS
Exploits0References6
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42807

The GEO my WP plugin for WordPress was vulnerable to SQL Injection via the 'distance', 'lat', and 'lng' parameters in versions up to, and including, 4.5.4. The values were read from $SERVER'QUERYSTRING' via parsestr bypassing wpmagicquotes, which does not cover $SERVER, then passed through bare...

9.1CVSS6AI score0.00349EPSS
Exploits0References6
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-15300 GEO my WP <= 4.5.4 - Unauthenticated SQL Injection via 'distance' / 'lat' / 'lng' Parameters

The GEO my WP plugin for WordPress was vulnerable to SQL Injection via the 'distance', 'lat', and 'lng' parameters in versions up to, and including, 4.5.4. The values were read from $SERVER'QUERYSTRING' via parsestr bypassing wpmagicquotes, which does not cover $SERVER, then passed through bare...

9.1CVSS0.00349EPSS
Exploits0References6
NVD
NVD
added 2026/06/25 4:17 a.m.7 views

CVE-2026-12077

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the via 'latitude' and 'longitude' parameters in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

7.5CVSS0.00273EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 3:42 a.m.5 views

EUVD-2026-39166

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the via 'latitude' and 'longitude' parameters in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

7.5CVSS6AI score0.00273EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 3:42 a.m.32 views

CVE-2026-12077 Dokan Pro <= 5.0.4 - Unauthenticated SQL Injection via 'latitude' and 'longitude' Parameters

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the via 'latitude' and 'longitude' parameters in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

7.5CVSS0.00273EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 3:42 a.m.22 views

CVE-2026-12077

CVE-2026-12077 : The Dokan Pro plugin for WordPress (up to version 5.0.4) is vulnerable to a time-based SQL Injection via the latitude and longitude parameters. The root cause is insufficient escaping of user-supplied input and lack of proper preparation in the existing SQL query, enabling unauth...

7.5CVSS6AI score0.00273EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52191

Name of the Vulnerable Software and Affected Versions Dokan Pro versions prior to 5.0.5 Description The Dokan Pro plugin for WordPress contains a time-based SQL Injection flaw. This issue occurs because user-supplied parameters are not sufficiently escaped and the SQL query is not properly...

7.5CVSS5.8AI score0.00273EPSS
Exploits0References6
NVD
NVD
added 2026/06/18 6:16 a.m.14 views

CVE-2026-10029

The Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.13.1 via the getevents. This makes it possible for unauthenticated attackers to extract sensitive data including...

5.3CVSS0.0031EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2026/06/01 4:3 p.m.18 views

CVE-2026-9757

The GEO my WP plugin for WordPress is vulnerable to SQL Injection via the 'swlatlng' and 'nelatlng' parameters in all versions up to, and including, 4.5.5 The parameters are read from $SERVER'QUERYSTRING' via parsestr bypassing WordPress's wpmagicquotes protection, which only covers...

7.5CVSS5.8AI score0.00344EPSS
Exploits0References1
CVE
CVE
added 2026/05/30 9:28 a.m.38 views

CVE-2026-9757

The GEO my WP WordPress plugin (prepare(). This enables unauthenticated attackers to append additional SQL to existing queries to extract data. Exploitation requires a public page hosting the Posts Locator shortcode ([gmw form="results" form_id=N]) and at least one published post with an associat...

7.5CVSS5.8AI score0.00344EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/30 12:0 a.m.21 views

PT-2026-45090

Name of the Vulnerable Software and Affected Versions GEO my WP versions prior to 4.5.6 Description The plugin is subject to SQL Injection, allowing unauthenticated attackers to append additional SQL queries to extract sensitive information from the database. The issue occurs because the swlatlng...

7.5CVSS5.6AI score0.00344EPSS
Exploits0References14
EUVD
EUVD
added 2026/05/21 5:10 p.m.12 views

EUVD-2026-31315

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php where latitude, longitude, callsign, mph, altitude, and timestamp values parsed from external GPS tracking service XML/JSON responses InstaMapper and Google Latitude integration are concatenated into...

8.8CVSS5.9AI score0.0024EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/21 5:10 p.m.41 views

CVE-2026-48235 Open ISES Tickets < 3.44.2 SQL Injection in incs/remotes.inc.php via External GPS Tracker Data

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php where latitude, longitude, callsign, mph, altitude, and timestamp values parsed from external GPS tracking service XML/JSON responses InstaMapper and Google Latitude integration are concatenated into...

8.8CVSS0.0024EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.10 views

tickets SQL注入漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a SQL injection vulnerability. This vulnerability stemmed from the fact that the values of latitude, longitude, callsign, mph, altitude, and timestamp,...

8.8CVSS5.9AI score0.0024EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.14 views

PT-2026-42513

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php where latitude, longitude, callsign, mph, altitude, and timestamp values parsed from external GPS tracking service XML/JSON responses InstaMapper and Google Latitude integration are concatenated into...

8.8CVSS5.9AI score0.0024EPSS
Exploits0References4
NVD
NVD
added 2026/05/20 8:16 p.m.17 views

CVE-2026-35013

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in streetview.php that allows authenticated attackers to inject arbitrary JavaScript by passing unsanitized values through the thelat and thelng GET parameters directly into JavaScript variable assignments...

5.1CVSS0.00221EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/20 7:39 p.m.11 views

EUVD-2026-31185

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in streetview.php that allows authenticated attackers to inject arbitrary JavaScript by passing unsanitized values through the thelat and thelng GET parameters directly into JavaScript variable assignments...

5.1CVSS5.8AI score0.00221EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/20 7:39 p.m.7 views

CVE-2026-35013

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in streetview.php that allows authenticated attackers to inject arbitrary JavaScript by passing unsanitized values through the thelat and thelng GET parameters directly into JavaScript variable assignments...

5.1CVSS5.8AI score0.00221EPSS
Exploits0References4
Rows per page
Query Builder