54 matches found

NVD
added 2026/06/06 4:17 a.m., 10 views

CVE-2026-8978

The OptinCraft – Drag & Drop Optins & Popup Builder for WordPress plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

CVSS 4.9, EPSS 0.00266
Exploits: 0, References: 5

Vulnrichment
added 2026/06/06 2:28 a.m., 7 views

CVE-2026-8978 OptinCraft <= 1.2.0 - Authenticated (Administrator+) SQL Injection via 'order_by' Parameter

The OptinCraft – Drag & Drop Optins & Popup Builder for WordPress plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

CVSS 4.9, AI score 5.8, EPSS 0.00266
Exploits: 0, References: 5

CVE
added 2026/06/06 2:28 a.m., 15 views

CVE-2026-8978

The CVE covers OptinCraft

CVSS 4.9, AI score 5.7, EPSS 0.00266
Exploits: 0, References: 5

EUVD
added 2026/05/28 7:43 a.m., 12 views

EUVD-2026-32744

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.8.40 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation o...

CVSS 6.5, AI score 5.9, EPSS 0.00343
Exploits: 0, References: 10

NVD
added 2026/03/04 7:16 a.m., 2 views

CVE-2026-2363

The WP-Members Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'orderby' attribute of the wpmemusermembershipposts shortcode in all versions up to, and including, 3.5.5.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient...

CVSS 6.5, EPSS 0.00254
Exploits: 0, References: 4

Vulnrichment
added 2026/03/04 6:26 a.m., 3 views

CVE-2026-2363 WP-Members Membership Plugin <= 3.5.5.1 - Authenticated (Contributor+) SQL Injection via 'order_by' Shortcode Attribute

The WP-Members Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'orderby' attribute of the wpmemusermembershipposts shortcode in all versions up to, and including, 3.5.5.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient...

CVSS 6.5, AI score 6, EPSS 0.00254
Exploits: 0, References: 4

Vulnrichment
added 2026/01/15 11:25 p.m., 5 views

CVE-2021-47811 Grocery crud 1.6.4 - 'order_by' SQL Injection

Grocery Crud 1.6.4 contains a SQL injection vulnerability in the orderby parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the orderby parameter in POST requests to the ajaxlist endpoint to potentially extract or modify database...

CVSS 9.1, AI score 7.8, EPSS 0.00531
Exploits: 1, References: 4

Vulnrichment
added 2025/12/12 6:32 a.m., 2 views

CVE-2025-14068 WPNakama <= 0.6.3 - Unauthenticated SQL Injection via 'order_by' Parameter

The WPNakama plugin for WordPress is vulnerable to time-based SQL Injection via the 'orderby' parameter in all versions up to, and including, 0.6.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 7.5, AI score 6.4, EPSS 0.00336
Exploits: 0, References: 7

CVE
added 2025/12/12 6:32 a.m., 18 views

CVE-2025-14068

The CVE-2025-14068 entry affects the WPNakama WordPress plugin (team/multi-client collaboration and project management tooling). The vulnerability is an unauthenticated time-based SQL Injection via the order_by parameter in all versions up to 0.6.3, caused by insufficient escaping of user input a...

CVSS 7.5, AI score 6.4, EPSS 0.00336
Exploits: 0, References: 7

CVE
added 2025/11/27 5:31 a.m., 17 views

CVE-2025-13525

CVE-2025-13525 concerns the WordPress plugin WP Directory Kit. The connected documents confirm a Reflected Cross-Site Scripting vulnerability via the order_by parameter in all versions up to and including 1.4.5, caused by insufficient input sanitization and output escaping. The exposure can enabl...

CVSS 6.1, AI score 5.3, EPSS 0.00215
Exploits: 0, References: 5

Cvelist
added 2025/11/27 5:31 a.m., 9 views

CVE-2025-13525 WP Directory Kit <= 1.4.5 - Reflected Cross-Site Scripting via 'order_by' Parameter

The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'orderby' parameter in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

CVSS 6.1, EPSS 0.00215
Exploits: 0, References: 5

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-18433

Malware in sbrugna...

CVSS 9.8, AI score 9.5, EPSS 0.01537
Exploits: 1, References: 2

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-0133

Malware in sbrugna...

CVSS 9.8, AI score 8.3, EPSS 0.03525
Exploits: 2, References: 17

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2015-2656

Malware in sbrugna...

CVSS 7.5, AI score 6.4, EPSS 0.02189
Exploits: 0, References: 4

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2019-18366

Malware in sbrugna...

CVSS 9.8, AI score 9.5, EPSS 0.03204
Exploits: 1, References: 3

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-46332

Malicious code in bioql PyPI...

CVSS 8.8, AI score 8.6, EPSS 0.00826
Exploits: 1, References: 1

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-53553

Malicious code in bioql PyPI...

CVSS 7.3, AI score 6.6, EPSS 0.00296
Exploits: 0, References: 3

Snyk
added 2025/08/26 12:31 a.m., 3 views

SQL Injection

Overview: alextselegidis/easyappointments is a powerful Open Source Appointment Scheduler that can be installed on your server. Affected versions of this package are vulnerable to SQL Injection via the orderby parameter. An attacker can execute arbitrary SQL commands by supplying crafted input...

CVSS 8.1, AI score 8.4, EPSS 0.00353
Exploits: 2, References: 2

OSV
added 2025/08/25 6:15 p.m., 3 views

CVE-2025-50383

alextselegidis Easy!Appointments v1.5.1 was discovered to contain a SQL injection vulnerability via the orderby parameter...

CVSS 8.1, AI score 5.9, EPSS 0.00353
Exploits: 2, References: 3

Cvelist
added 2025/08/25 12:0 a.m., 7 views

CVE-2025-50383

alextselegidis Easy!Appointments v1.5.1 was discovered to contain a SQL injection vulnerability via the orderby parameter...

EPSS 0.00353
Exploits: 2, References: 3