361 matches found
CVE-2025-12984
The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 2.0.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...
CVE-2026-1105
A vulnerability was identified in EasyCMS up to 1.6. This vulnerability affects unknown code of the file /UserAction.class.php. Such manipulation of the argument order leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was...
EasyCMS SQL Injection Vulnerability
EasyCMS is a PHP-based website building system from the EasyCMS community. Versions of EasyCMS 1.6 and earlier have a SQL injection vulnerability. This vulnerability stems from incorrect handling of the order parameter in the File/UserAction.class.php file, which may lead to SQL injection attacks...
CVE-2026-1105
CVE-2026-1105 affects EasyCMS up to 1.6, with a flaw in the /UserAction.class.php file that allows manipulation of the _order argument, resulting in SQL injection. Documents from NVD/Red Hat indicate remote, publicly exploitable behavior and claim high impact (possible data disclosure/integrity/a...
CVE-2026-1105 EasyCMS UserAction.class.php sql injection
A vulnerability was identified in EasyCMS up to 1.6. This vulnerability affects unknown code of the file /UserAction.class.php. Such manipulation of the argument order leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was...
CVE-2025-12984
The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 2.0.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...
EUVD-2026-3145
The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 2.0.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...
CVE-2025-12984 Advanced Ads – Ad Manager & AdSense <= 2.0.15 - Authenticated (Admin+) SQL Injection
The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 2.0.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...
CVE-2025-12984
The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 2.0.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...
CVE-2025-12984
The CVE-2025-12984 entry pertains to the WordPress plugin Advanced Ads – Ad Manager & AdSense. It describes an SQL Injection in the order parameter affecting all versions up to 2.0.15 due to insufficient escaping and inadequate query preparation. The vulnerability requires authenticated Administr...
PT-2026-3349
The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 2.0.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...
CVE-2025-12166
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection via the order and appendwheresql parameters in all versions up to, and including, 1.6.9.9 due to insufficient escaping on the user supplied parameter and lack o...
WordPress Simply Schedule Appointments plugin <= 1.6.9.9 - Unauthenticated SQL Injection via `order` and `append_where_sql` Parameters vulnerability
Unauthenticated SQL Injection via order and appendwheresql Parameters vulnerability discovered by shark3y in WordPress Plugin Simply Schedule Appointments versions = 1.6.9.9...
CVE-2025-12166
CVE-2025-12166 refers to blind SQL Injection in the WordPress plugin Booking Calendar — Simply Schedule Appointments (versions up to 1.6.9.9). The issue arises from insufficient escaping of user-supplied input in the order/append_where_sql parameters, enabling unauthenticated queries that could e...
CVE-2025-12166
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection via the order and appendwheresql parameters in all versions up to, and including, 1.6.9.9 due to insufficient escaping on the user supplied parameter and lack o...
CVE-2025-12166 Simply Schedule Appointments <= 1.6.9.9 - Unauthenticated SQL Injection via `order` and `append_where_sql` Parameters
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection via the order and appendwheresql parameters in all versions up to, and including, 1.6.9.9 due to insufficient escaping on the user supplied parameter and lack o...
CVE-2025-12166 Simply Schedule Appointments <= 1.6.9.9 - Unauthenticated SQL Injection via `order` and `append_where_sql` Parameters
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection via the order and appendwheresql parameters in all versions up to, and including, 1.6.9.9 due to insufficient escaping on the user supplied parameter and lack o...
CVE-2022-31890
SQL Injection vulnerability in audit/class.audit.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae via the order parameter to the getOrder function...
CVE-2025-59470
This vulnerability allows a Backup Operator to perform remote code execution RCE as the postgres user by sending a malicious interval or order parameter...
CVE-2025-59470
This vulnerability allows a Backup Operator to perform remote code execution RCE as the postgres user by sending a malicious interval or order parameter...