79 matches found
CVE-2026-3512
The Writeprint Stylometry plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'p' GET parameter in all versions up to and including 0.1. This is due to insufficient input sanitization and output escaping in the bjlwprintstylocommentsnav function. The function directly...
CVE-2019-25640
Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the 'p' and 'u' parameters. Attackers can inject SQL code using XOR-based payloads in GET requests to portalLogin.php to extract sensitive database information...
CVE-2019-25575 SimplePress CMS 1.0.7 SQL Injection via p and s Parameters
SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'p' and 's' parameters. Attackers can send GET requests with crafted SQL payloads to extract sensitive database information...
CVE-2019-25575
CVE-2019-25575 affects SimplePress CMS 1.0.7. The vulnerability is an SQL injection in the web app that permits unauthenticated attackers to craft GET requests via the p and s parameters to execute arbitrary SQL. Impact per sources includes extraction of sensitive data such as usernames, database...
CVE-2019-25575 SimplePress CMS 1.0.7 SQL Injection via p and s Parameters
SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'p' and 's' parameters. Attackers can send GET requests with crafted SQL payloads to extract sensitive database information...
Sourceforge SimplePress CMS SQL注入漏洞
SourceForge SimplePress CMS is an open-source content management system developed by SourceForge. Version 1.0.7 of SourceForge SimplePress CMS has a SQL injection vulnerability. This vulnerability stems from the presence of SQL injections in the p and s parameters, which could allow unauthenticat...
CVE-2026-3512
The Writeprint Stylometry plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'p' GET parameter in all versions up to and including 0.1. This is due to insufficient input sanitization and output escaping in the bjlwprintstylocommentsnav function. The function directly...
WordPress Writeprint Stylometry plugin <= 0.1 - Reflected Cross-Site Scripting via 'p' Parameter vulnerability
Reflected Cross-Site Scripting via 'p' Parameter vulnerability discovered by johska in WordPress Plugin Writeprint Stylometry versions = 0.1...
CVE-2026-3512
The CVE-2026-3512 entry concerns the Writeprint Stylometry WordPress plugin (versions up to 0.1). The issue is a Reflected Cross-Site Scripting vulnerability in the function bjl_wprintstylo_comments_nav(), where the plugin directly outputs the GET parameter $_GET['p'] into an HTML href attribute ...
PT-2026-26030
The Writeprint Stylometry plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'p' GET parameter in all versions up to and including 0.1. This is due to insufficient input sanitization and output escaping in the bjl wprintstylo comments nav function. The function directly...
EUVD-2019-19806
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to bypass authentication, extract sensitive data...
EUVD-2019-19778
XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to extract sensitive database information...
CVE-2019-25509
XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to extract sensitive database information...
CVE-2019-25524 XooGallery Lastest Latest SQL Injection via results.php
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to bypass authentication, extract sensitive data...
CVE-2019-25524 XooGallery Lastest Latest SQL Injection via results.php
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to bypass authentication, extract sensitive data...
CVE-2019-25524
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to bypass authentication, extract sensitive data...
CVE-2019-25509 XooDigital Lastest Latest SQL Injection via results.php
XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to extract sensitive database information...
CVE-2019-25509
CVE-2019-25509 affects XooDigital Latest, where an SQL injection vulnerability in the results.php endpoint allows unauthenticated attackers to inject SQL via the 'p' parameter and manipulate database queries to extract sensitive information. All documented details describe the vulnerability as un...
PT-2026-24969
XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to extract sensitive database information...
Xooscripts XooDigital SQL注入漏洞
Xooscripts XooDigital is a software developed by the Xooscripts company. Xooscripts XooDigital has a SQL injection vulnerability; this vulnerability stems from the p parameter being susceptible to SQL injections, which may allow unauthenticated attackers to manipulate database queries and extract...