Lucene search
+L

356 matches found

attackerkb
attackerkb
added 2026/05/20 7:41 a.m.9 views

CVE-2026-9059

NextGEN Gallery version prior to 4.2.1 are vulnerable to authenticated SQL injection via the 'orderby' parameter on the REST API endpoints '/imagely/v1/galleries' and '/imagely/v1/albums'. The root cause is an insufficient sanitization function 'cleancolumn' in the data mapper layer that uses a...

9.3CVSS6AI score0.00287EPSS
Exploits0References2
nvd
nvd
added 2026/05/20 2:16 a.m.19 views

CVE-2026-8685

The Infility Global plugin for WordPress is vulnerable to SQL Injection via the 'orderby' and 'order' parameters in all versions up to, and including, 2.15.16. This is due to insufficient escaping on user supplied parameters and lack of sufficient preparation on the existing SQL query within the...

6.5CVSS0.00359EPSS
Exploits0References5
nvd
nvd
added 2026/05/20 2:16 a.m.20 views

CVE-2026-7472

The Read More & Accordion plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.5.7. This is due to the use of escsql without surrounding the value in quotes in an ORDER BY clause inside the getAllDataByLimit and...

4.9CVSS0.00448EPSS
Exploits0References9
cvelist
cvelist
added 2026/05/20 1:25 a.m.41 views

CVE-2026-7472 Read More & Accordion <= 3.5.7 - Authenticated (Administrator+) SQL Injection via 'orderby' Parameter

The Read More & Accordion plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.5.7. This is due to the use of escsql without surrounding the value in quotes in an ORDER BY clause inside the getAllDataByLimit and...

4.9CVSS0.00448EPSS
Exploits0References9
cve
cve
added 2026/05/20 1:25 a.m.17 views

CVE-2026-7472

The Read More & Accordion WordPress plugin (up to version 3.5.7) is vulnerable to time-based blind SQL injection via the 'orderby' parameter. The root cause is that the value from $_GET['orderby'] is passed through esc_attr() and then concatenated unquoted into an ORDER BY clause, where esc_sql()...

4.9CVSS6AI score0.00448EPSS
Exploits0References9
vulnrichment
vulnrichment
added 2026/05/20 1:25 a.m.10 views

CVE-2026-8685 Infility Global <= 2.15.16 - Authenticated (Subscriber+) SQL Injection via 'orderby' Parameter

The Infility Global plugin for WordPress is vulnerable to SQL Injection via the 'orderby' and 'order' parameters in all versions up to, and including, 2.15.16. This is due to insufficient escaping on user supplied parameters and lack of sufficient preparation on the existing SQL query within the...

6.5CVSS5.9AI score0.00359EPSS
Exploits0References5
euvd
euvd
added 2026/05/20 1:25 a.m.13 views

EUVD-2026-31020

The Infility Global plugin for WordPress is vulnerable to SQL Injection via the 'orderby' and 'order' parameters in all versions up to, and including, 2.15.16. This is due to insufficient escaping on user supplied parameters and lack of sufficient preparation on the existing SQL query within the...

6.5CVSS5.9AI score0.00359EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/05/20 1:25 a.m.8 views

CVE-2026-8685

The Infility Global plugin for WordPress is vulnerable to SQL Injection via the 'orderby' and 'order' parameters in all versions up to, and including, 2.15.16. This is due to insufficient escaping on user supplied parameters and lack of sufficient preparation on the existing SQL query within the...

6.5CVSS5.9AI score0.00359EPSS
Exploits0References6
cvelist
cvelist
added 2026/05/20 1:25 a.m.46 views

CVE-2026-8685 Infility Global <= 2.15.16 - Authenticated (Subscriber+) SQL Injection via 'orderby' Parameter

The Infility Global plugin for WordPress is vulnerable to SQL Injection via the 'orderby' and 'order' parameters in all versions up to, and including, 2.15.16. This is due to insufficient escaping on user supplied parameters and lack of sufficient preparation on the existing SQL query within the...

6.5CVSS0.00359EPSS
Exploits0References5
cnnvd
cnnvd
added 2026/05/20 12:0 a.m.9 views

WordPress plugin Infility Global SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.5CVSS5.9AI score0.00359EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/20 12:0 a.m.14 views

PT-2026-42085

Name of the Vulnerable Software and Affected Versions Infility Global versions prior to 2.15.17 Description The Infility Global plugin for WordPress contains a flaw allowing authenticated attackers with Subscriber-level access and above to extract sensitive information from the database. This...

6.5CVSS5.9AI score0.00359EPSS
Exploits0References8
cnnvd
cnnvd
added 2026/05/20 12:0 a.m.18 views

WordPress plugin NextGEN Gallery SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

9.3CVSS5.9AI score0.00287EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/04 8:21 p.m.7 views

CVE-2026-7649

The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.0.60 due to insufficient escaping on the user supplied paramete...

7.5CVSS5.9AI score0.00335EPSS
Exploits0References1
nvd
nvd
added 2026/05/02 8:16 a.m.7 views

CVE-2026-7649

The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.0.60 due to insufficient escaping on the user supplied paramete...

7.5CVSS0.00335EPSS
Exploits0References7
cvelist
cvelist
added 2026/05/02 6:44 a.m.36 views

CVE-2026-7649 ARMember <= 4.0.60 - Unauthenticated SQL Injection via 'orderby' Parameter

The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.0.60 due to insufficient escaping on the user supplied paramete...

7.5CVSS0.00335EPSS
Exploits0References7
cve
cve
added 2026/05/02 6:44 a.m.13 views

CVE-2026-7649

ARMember for WordPress (vendor: ARMember plugin) is affected up to version 4.0.60 by a time-based blind SQL injection in the orderby parameter. Root cause: insufficient escaping of the user-supplied orderby value and lack of proper SQL query preparation, enabling unauthenticated attackers to appe...

7.5CVSS5.9AI score0.00335EPSS
Exploits0References7
vulnrichment
vulnrichment
added 2026/05/02 6:44 a.m.7 views

CVE-2026-7649 ARMember <= 4.0.60 - Unauthenticated SQL Injection via 'orderby' Parameter

The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.0.60 due to insufficient escaping on the user supplied paramete...

7.5CVSS5.9AI score0.00335EPSS
Exploits0References7
cnnvd
cnnvd
added 2026/05/02 12:0 a.m.11 views

WordPress plugin ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.5CVSS5.9AI score0.00335EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/02 12:0 a.m.9 views

PT-2026-36587

Name of the Vulnerable Software and Affected Versions ARMember – Membership Plugin versions prior to 4.0.61 Description The ARMember – Membership Plugin for WordPress is susceptible to time-based blind SQL Injection, a technique where an attacker asks the database true/false questions and...

7.5CVSS5.9AI score0.00335EPSS
Exploits0References13
redhatcve
redhatcve
added 2026/03/26 2:59 p.m.13 views

CVE-2026-2580

The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 4.9.1 due to insufficient escaping on the user supplied parameter and lack of...

7.5CVSS5.9AI score0.00444EPSS
Exploits0References1
Rows per page
Query Builder