VulnCheck KEV: CVE-2024-4845

The Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘optionslistid’ parameter in all versions up to, and including, 5.7.22 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

EUVD-2026-19496

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarId and nomeClasse=IsaidaControle. The...

CVE-2025-2334

A vulnerability classified as problematic has been found in 274056675 springboot-openai-chatgpt e84f6f5. This affects the function deleteChat of the file /api/mjkj-chat/chat/ai/delete/chat of the component Chat History Handler. The manipulation of the argument chatListId leads to improper access...

CVE-2024-4845

The Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘optionslistid’ parameter in all versions up to, and including, 5.7.22 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

WordPress Icegram Express plugin <= 5.7.22 - Authenticated (Subscriber+) SQL Injection Vulnerability via options[list_id] vulnerability

Authenticated Subscriber+ SQL Injection Vulnerability via optionslistid vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Email Subscribers & Newsletters versions = 5.7.22...

WordPress plugin Icegram Express security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-33115 · WordPress · Icegram Express

Name of the Vulnerable Software and Affected Versions: Icegram Express plugin for WordPress versions up to, and including, 5.7.22 Description: The issue allows authenticated attackers with Subscriber-level access and above to perform SQL Injection via the optionslist id parameter due to...

FunAdmin SQL注入漏洞

FunAdmin is FunAdmin open source based on ThinkPHP6+Layui development of a lightweight high-profile back-end development system . FunAdmin v3.2.0 version of the existence of security vulnerabilities , the vulnerability stems from the existence of SQL injection via the /databases/table/list id...

WordPress plugin Easy Forms for MailChimp 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

CVE-2017-6577

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects ./inc/subscriberlist.php with the POST Parameter: listid...

CVE-2017-6098

A SQL injection issue was discovered in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects /inc/campaignsave.php Requires authentication to Wordpress admin with the POST Parameter: listid...

CVE-2017-6095

A SQL injection issue was discovered in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects /inc/lists/csvexport.php Unauthenticated with the GET Parameter: listid...