
20 matches found

RedhatCVE
added 2026/02/19 7:28 a.m. · 2 views

CVE-2026-2576

The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'payment' parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...

7.5 CVSS · 5.9 AI score · 0.0004 EPSS
Exploits: 0 · References: 1
Patchstack
added 2026/02/18 6:34 a.m. · 4 views

WordPress Business Directory Plugin plugin <= 6.4.21 - Unauthenticated SQL Injection via payment Parameter vulnerability

Unauthenticated SQL Injection via payment Parameter vulnerability discovered by Sein Linn in WordPress Plugin Business Directory versions <= 6.4.21...

7.5 CVSS · 5.9 AI score · 0.0004 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
NVD
added 2026/02/18 5:16 a.m. · 1 views

CVE-2026-2576

The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'payment' parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...

7.5 CVSS · 0.0004 EPSS
Exploits: 0 · References: 4
ATTACKERKB
added 2026/02/18 4:35 a.m. · 2 views

CVE-2026-2576

The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'payment' parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...

7.5 CVSS · 5.9 AI score · 0.0004 EPSS
Exploits: 0 · References: 5
Cvelist
added 2026/02/18 4:35 a.m. · 24 views

CVE-2026-2576 Business Directory Plugin <= 6.4.21 - Unauthenticated SQL Injection via payment Parameter

The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'payment' parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...

7.5 CVSS · 0.0004 EPSS
Exploits: 0 · References: 4
Vulnrichment
added 2026/02/18 4:35 a.m. · 3 views

CVE-2026-2576 Business Directory Plugin <= 6.4.21 - Unauthenticated SQL Injection via payment Parameter

The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'payment' parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...

7.5 CVSS · 5.9 AI score · 0.0004 EPSS
Exploits: 0 · References: 4
CVE
added 2026/02/18 4:35 a.m. · 7 views

CVE-2026-2576

The CVE-2026-2576 entry concerns the WordPress plugin “Business Directory Plugin – Easy Listing Directories” (Business Directory Plugin). The vulnerability is a time-based SQL Injection exploitable via the payment parameter in all versions up to and including 6.4.2. It arises from insufficient es...

7.5 CVSS · 5.9 AI score · 0.0004 EPSS
Exploits: 0 · References: 4
Positive Technologies
added 2026/02/18 12:0 a.m. · 3 views

PT-2026-20329

Name of the Vulnerable Software and Affected Versions: Business Directory Plugin – Easy Listing Directories for WordPress versions prior to 6.4.3 Description: The Business Directory Plugin – Easy Listing Directories for WordPress is susceptible to time-based SQL Injection. This is due to inadequate...

7.5 CVSS · 5.7 AI score · 0.0004 EPSS
Exploits: 0 · References: 8
CNNVD
added 2026/02/18 12:0 a.m. · 3 views

WordPress plugin Business Directory Plugin – Easy Listing Directories SQL injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

7.5 CVSS · 5.9 AI score · 0.0004 EPSS
Exploits: 0 · References: 4
CNVD
added 2025/11/20 12:0 a.m. · 1 views

School Fees Payment Management System /ajax.php?action=delete_payment file SQL injection vulnerability

School Fees Payment Management System is a tuition payment management system. The School Fees Payment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file...

8.8 CVSS · 6 AI score · 0.00027 EPSS
Exploits: 1 · References: 1
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-27187

Malicious code in bioql PyPI...

9.8 CVSS · 7.5 AI score · 0.0006 EPSS
Exploits: 1 · References: 5
Cvelist
added 2025/08/14 8:2 p.m. · 9 views

CVE-2025-8981 itsourcecode Online Tour and Travel Management System payment.php sql injection

A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /admin/operations/payment.php. The manipulation of the argument paymenttype leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...

7.5 CVSS · 0.00072 EPSS
Exploits: 1 · References: 5
Positive Technologies
added 2025/08/14 12:0 a.m. · 3 views

PT-2025-33412 · Itsourcecode · Itsourcecode Online Tour/Travel Management System

Name of the Vulnerable Software and Affected Versions: itsourcecode Online Tour and Travel Management System version 1.0 Description: A SQL injection issue exists in itsourcecode Online Tour and Travel Management System version 1.0. The manipulation of the payment type argument in the...

9.8 CVSS · 7.6 AI score · 0.00072 EPSS
Exploits: 1 · References: 9
RedhatCVE
added 2025/05/23 6:24 a.m. · 1 views

CVE-2024-29320

Wallos before 1.15.3 is vulnerable to SQL Injection via the category and payment parameters to /subscriptions/get.php...

8.1 CVSS · 8 AI score · 0.00138 EPSS
Exploits: 1 · References: 1
OSV
added 2024/04/30 4:15 p.m. · 4 views

CVE-2024-29320

Wallos before 1.15.3 is vulnerable to SQL Injection via the category and payment parameters to /subscriptions/get.php...

8.1 CVSS · 8 AI score · 0.00138 EPSS
Exploits: 1 · References: 3
CNNVD
added 2024/04/30 12:0 a.m. · 2 views

Wallos SQL injection vulnerability

Wallos is an open source personal subscription tracker by the individual developer Miguel Ribeiro. A SQL injection vulnerability exists in Wallos versions prior to 1.15.3, which originates from an easy SQL injection via the category and payment parameters of /subscriptions/get.php...

8.1 CVSS · 7.9 AI score · 0.00138 EPSS
Exploits: 1 · References: 4
Positive Technologies
added 2024/04/30 12:0 a.m. · 3 views

PT-2024-22861 · Wallos · Wallos

Name of the Vulnerable Software and Affected Versions: Wallos versions prior to 1.15.3 Description: The issue is related to SQL Injection via the category and payment parameters to the "/subscriptions/get.php" API endpoint. This allows for potential exploitation. Recommendations: For versions pri...

8.1 CVSS · 8 AI score · 0.00138 EPSS
Exploits: 1 · References: 8
CNNVD
added 2024/01/25 12:0 a.m. · 1 views

Online Tours & Travels Management System SQL Injection Vulnerability

Online Tours & Travels Management System is an online travel management system by individual developer Mayuri K. A SQL injection vulnerability exists in SourceCodester Online Tours & Travels Management System version 1.0, which stems from a parameter id in the file payment.php that can lead to S...

9.8 CVSS · 8 AI score · 0.00106 EPSS
Exploits: 1 · References: 4
NVD
added 2005/05/02 4:0 a.m. · 8 views

CVE-2005-0981

Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Pro 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) payment or (2) send parameter...

4.3 CVSS · 5.8 AI score · 0.04173 EPSS
Exploits: 1 · References: 3
Cvelist
added 2005/04/05 4:0 a.m. · 11 views

CVE-2005-0981

Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Pro 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) payment or (2) send parameter...

5.8 AI score · 0.04173 EPSS
Exploits: 1 · References: 3