Lucene search
K

361 matches found

Patchstack
Patchstack
added 2026/04/12 11:32 p.m.5 views

WordPress LifterLMS plugin <= 9.2.1 - Authenticated (Custom+) SQL Injection via 'order' Parameter vulnerability

Authenticated Custom+ SQL Injection via 'order' Parameter vulnerability discovered by momopon1415 in WordPress Plugin LifterLMS versions = 9.2.1...

6.5CVSS6AI score0.00372EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/04/11 3:30 a.m.3 views

EUVD-2026-21660

The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 9.2.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

6.5CVSS6AI score0.00372EPSS
Exploits0References6
NVD
NVD
added 2026/04/11 2:16 a.m.2 views

CVE-2026-5207

The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 9.2.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

6.5CVSS0.00372EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/11 1:24 a.m.2 views

CVE-2026-5207

The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 9.2.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

6.5CVSS6AI score0.00372EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/11 1:24 a.m.8 views

CVE-2026-5207 LifterLMS <= 9.2.1 - Authenticated (Custom+) SQL Injection via 'order' Parameter

The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 9.2.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

6.5CVSS6AI score0.00372EPSS
Exploits0References5
CVE
CVE
added 2026/04/11 1:24 a.m.15 views

CVE-2026-5207

The CVE-2026-5207 entry concerns the LifterLMS WordPress plugin (versions up to 9.2.1). It describes an SQL Injection via the ‘order’ parameter due to insufficient escaping and inadequate query preparation. The vulnerability requires authenticated access at Instructor level (with edit_post capabi...

6.5CVSS6AI score0.00372EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/11 1:24 a.m.30 views

CVE-2026-5207 LifterLMS <= 9.2.1 - Authenticated (Custom+) SQL Injection via 'order' Parameter

The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 9.2.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

6.5CVSS0.00372EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/11 12:0 a.m.2 views

PT-2026-32090

The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 9.2.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

6.5CVSS6AI score0.00372EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/11 12:0 a.m.8 views

WordPress plugin LifterLMS SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.5CVSS5.9AI score0.00372EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/03/24 1:25 a.m.2 views

CVE-2026-3079 LearnDash LMS <= 5.0.3 - Authenticated (Contributor+) SQL Injection via 'filters[orderby_order]' Parameter

The LearnDash LMS plugin for WordPress is vulnerable to blind time-based SQL Injection via the 'filtersorderbyorder' parameter in the 'learndashpropaneltemplate' AJAX action in all versions up to, and including, 5.0.3. This is due to insufficient escaping on the user supplied parameter and lack o...

6.5CVSS5.9AI score0.00272EPSS
Exploits0References7
CVE
CVE
added 2026/03/21 3:26 a.m.10 views

CVE-2026-2279

The CVE concerns the WordPress plugin myLinksDump (WordPress plugin; vulnerable component: SQL construction in myLinksDump.php). Affected versions: all versions up to and including 1.6. Root cause: insufficient escaping of user-supplied parameters and lack of proper preparation of the existing SQ...

7.2CVSS5.9AI score0.00354EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/21 3:26 a.m.6 views

CVE-2026-2279 myLinksDump <= 1.6 - Authenticated (Administrator+) SQL Injection via 'sort_by' and 'sort_order' Parameters

The myLinksDump plugin for WordPress is vulnerable to SQL Injection via the 'sortby' and 'sortorder' parameters in all versions up to, and including, 1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...

7.2CVSS5.9AI score0.00354EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/21 12:0 a.m.6 views

PT-2026-26830

The myLinksDump plugin for WordPress is vulnerable to SQL Injection via the 'sort by' and 'sort order' parameters in all versions up to, and including, 1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

7.2CVSS5.9AI score0.00354EPSS
Exploits0References6
Snyk
Snyk
added 2026/03/11 12:13 a.m.6 views

Improper Neutralization of Special Elements in Data Query Logic

Overview sylius/sylius is a platform for PHP, based on Symfony framework. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the order query parameter in API filters. An attacker can access sensitive information from the databas...

6.9CVSS5.9AI score0.00197EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/09 12:30 a.m.6 views

EUVD-2026-10275

A vulnerability was identified in EasyCMS up to 1.6. The affected element is an unknown function of the file /RbacnodeAction.class.php of the component Request Parameter Handler. The manipulation of the argument order leads to sql injection. The attack can be initiated remotely. The exploit is...

8.8CVSS6.4AI score0.00276EPSS
Exploits1References5
EUVD
EUVD
added 2026/03/09 12:30 a.m.8 views

EUVD-2026-10276

A security flaw has been discovered in EasyCMS up to 1.6. The impacted element is an unknown function of the file /RbacuserAction.class.php of the component Request Parameter Handler. The manipulation of the argument order results in sql injection. The attack can be launched remotely. The exploit...

8.8CVSS6.4AI score0.00276EPSS
Exploits2References5
OSV
OSV
added 2026/03/08 11:15 p.m.6 views

CVE-2026-3786

A security flaw has been discovered in EasyCMS up to 1.6. The impacted element is an unknown function of the file /RbacuserAction.class.php of the component Request Parameter Handler. The manipulation of the argument order results in sql injection. The attack can be launched remotely. The exploit...

8.8CVSS5.6AI score0.00276EPSS
Exploits2References4
NVD
NVD
added 2026/03/08 11:15 p.m.6 views

CVE-2026-3786

A security flaw has been discovered in EasyCMS up to 1.6. The impacted element is an unknown function of the file /RbacuserAction.class.php of the component Request Parameter Handler. The manipulation of the argument order results in sql injection. The attack can be launched remotely. The exploit...

8.8CVSS0.00276EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2026/03/08 10:32 p.m.3 views

CVE-2026-3786 EasyCMS Request Parameter RbacuserAction.class.php sql injection

A security flaw has been discovered in EasyCMS up to 1.6. The impacted element is an unknown function of the file /RbacuserAction.class.php of the component Request Parameter Handler. The manipulation of the argument order results in sql injection. The attack can be launched remotely. The exploit...

6.5CVSS5.6AI score0.00276EPSS
Exploits2References4
CVE
CVE
added 2026/03/08 10:32 p.m.13 views

CVE-2026-3786

CVE-2026-3786 affects EasyCMS, specifically the Request Parameter Handler in file /RbacuserAction.class.php . The issue arises from manipulating the argument _order/order in requests, enabling remote SQL injection . The vulnerability is exploitable remotely and, per connected sources, the exploit...

8.8CVSS6.4AI score0.00276EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder