Lucene search
K

361 matches found

RedhatCVE
RedhatCVE
added 2026/01/18 7:18 a.m.20 views

CVE-2025-12984

The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 2.0.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...

4.9CVSS6.6AI score0.00325EPSS
Exploits0References1
NVD
NVD
added 2026/01/18 12:15 a.m.9 views

CVE-2026-1105

A vulnerability was identified in EasyCMS up to 1.6. This vulnerability affects unknown code of the file /UserAction.class.php. Such manipulation of the argument order leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was...

9.8CVSS0.0044EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/01/18 12:0 a.m.7 views

EasyCMS SQL Injection Vulnerability

EasyCMS is a PHP-based website building system from the EasyCMS community. Versions of EasyCMS 1.6 and earlier have a SQL injection vulnerability. This vulnerability stems from incorrect handling of the order parameter in the File/UserAction.class.php file, which may lead to SQL injection attacks...

9.8CVSS7.2AI score0.0044EPSS
Exploits1References5
CVE
CVE
added 2026/01/17 11:32 p.m.16 views

CVE-2026-1105

CVE-2026-1105 affects EasyCMS up to 1.6, with a flaw in the /UserAction.class.php file that allows manipulation of the _order argument, resulting in SQL injection. Documents from NVD/Red Hat indicate remote, publicly exploitable behavior and claim high impact (possible data disclosure/integrity/a...

9.8CVSS6.8AI score0.0044EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/01/17 11:32 p.m.32 views

CVE-2026-1105 EasyCMS UserAction.class.php sql injection

A vulnerability was identified in EasyCMS up to 1.6. This vulnerability affects unknown code of the file /UserAction.class.php. Such manipulation of the argument order leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was...

7.5CVSS0.0044EPSS
Exploits1References4
NVD
NVD
added 2026/01/17 7:16 a.m.10 views

CVE-2025-12984

The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 2.0.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...

4.9CVSS0.00325EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/17 6:42 a.m.6 views

EUVD-2026-3145

The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 2.0.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...

4.9CVSS6.1AI score0.00325EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/17 6:42 a.m.3 views

CVE-2025-12984 Advanced Ads – Ad Manager & AdSense <= 2.0.15 - Authenticated (Admin+) SQL Injection

The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 2.0.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...

4.9CVSS5.9AI score0.00325EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/17 6:42 a.m.4 views

CVE-2025-12984

The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 2.0.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...

4.9CVSS5.8AI score0.00325EPSS
Exploits0References4
CVE
CVE
added 2026/01/17 6:42 a.m.29 views

CVE-2025-12984

The CVE-2025-12984 entry pertains to the WordPress plugin Advanced Ads – Ad Manager & AdSense. It describes an SQL Injection in the order parameter affecting all versions up to 2.0.15 due to insufficient escaping and inadequate query preparation. The vulnerability requires authenticated Administr...

4.9CVSS6.2AI score0.00325EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/17 12:0 a.m.6 views

PT-2026-3349

The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 2.0.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...

4.9CVSS6.6AI score0.00325EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/15 10:32 p.m.4 views

CVE-2025-12166

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection via the order and appendwheresql parameters in all versions up to, and including, 1.6.9.9 due to insufficient escaping on the user supplied parameter and lack o...

7.5CVSS6.8AI score0.00289EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/01/15 7:4 a.m.8 views

WordPress Simply Schedule Appointments plugin <= 1.6.9.9 - Unauthenticated SQL Injection via `order` and `append_where_sql` Parameters vulnerability

Unauthenticated SQL Injection via order and appendwheresql Parameters vulnerability discovered by shark3y in WordPress Plugin Simply Schedule Appointments versions = 1.6.9.9...

7.5CVSS8.1AI score0.00289EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/01/14 10:23 p.m.15 views

CVE-2025-12166

CVE-2025-12166 refers to blind SQL Injection in the WordPress plugin Booking Calendar — Simply Schedule Appointments (versions up to 1.6.9.9). The issue arises from insufficient escaping of user-supplied input in the order/append_where_sql parameters, enabling unauthenticated queries that could e...

7.5CVSS6.4AI score0.00289EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/14 10:23 p.m.2 views

CVE-2025-12166

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection via the order and appendwheresql parameters in all versions up to, and including, 1.6.9.9 due to insufficient escaping on the user supplied parameter and lack o...

7.5CVSS6AI score0.00289EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/14 10:23 p.m.23 views

CVE-2025-12166 Simply Schedule Appointments <= 1.6.9.9 - Unauthenticated SQL Injection via `order` and `append_where_sql` Parameters

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection via the order and appendwheresql parameters in all versions up to, and including, 1.6.9.9 due to insufficient escaping on the user supplied parameter and lack o...

7.5CVSS0.00289EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/14 10:23 p.m.3 views

CVE-2025-12166 Simply Schedule Appointments <= 1.6.9.9 - Unauthenticated SQL Injection via `order` and `append_where_sql` Parameters

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection via the order and appendwheresql parameters in all versions up to, and including, 1.6.9.9 due to insufficient escaping on the user supplied parameter and lack o...

7.5CVSS6.4AI score0.00289EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 10:48 a.m.45 views

CVE-2022-31890

SQL Injection vulnerability in audit/class.audit.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae via the order parameter to the getOrder function...

9.8CVSS8AI score0.01503EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/01/08 4:18 p.m.23 views

CVE-2025-59470

This vulnerability allows a Backup Operator to perform remote code execution RCE as the postgres user by sending a malicious interval or order parameter...

9CVSS0.01487EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2026/01/08 4:18 p.m.2 views

CVE-2025-59470

This vulnerability allows a Backup Operator to perform remote code execution RCE as the postgres user by sending a malicious interval or order parameter...

9CVSS7.7AI score0.01487EPSS
Exploits2References1
Rows per page
Query Builder