14 matches found
EUVD-2025-203240
The Filter & Grids plugin for WordPress is vulnerable to SQL Injection via the 'phrase' parameter in all versions up to, and including, 3.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-10289
The Filter & Grids plugin for WordPress is vulnerable to SQL Injection via the 'phrase' parameter in all versions up to, and including, 3.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-10289
CVE-2025-10289 concerns the WordPress plugin Filter & Grids (ymc-smart-filter) vulnerability: an unauthenticated SQL injection via the phrase parameter in all versions up to and including 3.2.0. The root cause is insufficient escaping and improper SQL query preparation, enabling an attacker to ap...
CVE-2025-10289 Filter & Grids <= 3.2.0 - Unauthenticated SQL Injection
The Filter & Grids plugin for WordPress is vulnerable to SQL Injection via the 'phrase' parameter in all versions up to, and including, 3.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
PT-2025-51092
The Filter & Grids plugin for WordPress is vulnerable to SQL Injection via the 'phrase' parameter in all versions up to, and including, 3.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-11735
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to blind SQL Injection via the phrase parameter in all versions up to, and including, 1.3.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...
CVE-2025-11735
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to blind SQL Injection via the phrase parameter in all versions up to, and including, 1.3.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...
CVE-2025-11735
The CVE refers to HUSKY – Products Filter Professional for WooCommerce (WordPress plugin) with a blind SQL Injection via the phrase parameter. Affected versions are all up to and including 1.3.7.1, caused by insufficient escaping and lack of proper query preparation, enabling unauthenticated atta...
EUVD-2025-36434
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to blind SQL Injection via the phrase parameter in all versions up to, and including, 1.3.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...
CVE-2025-11735 HUSKY – Products Filter Professional for WooCommerce <= 1.3.7.1 - Unauthenticated SQL Injection via `phrase` Parameter
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to blind SQL Injection via the phrase parameter in all versions up to, and including, 1.3.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...
CVE-2025-11735 HUSKY – Products Filter Professional for WooCommerce <= 1.3.7.1 - Unauthenticated SQL Injection via `phrase` Parameter
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to blind SQL Injection via the phrase parameter in all versions up to, and including, 1.3.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...
PT-2025-44087
Name of the Vulnerable Software and Affected Versions HUSKY – Products Filter Professional for WooCommerce plugin for WordPress versions up to and including 1.3.7.1 Description The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is susceptible to blind SQL Injection...
PT-2021-16823 · Unknown · Avideo/Youphptube
Name of the Vulnerable Software and Affected Versions: AVideo/YouPHPTube versions 10.0 and prior Description: The issue allows a remote attacker to steal administrators' session cookies or perform actions as an administrator due to multiple reflected Cross Scripting vulnerabilities. This is...
CVE-2005-4255
Cross-site scripting XSS vulnerability in TextSearch in WikkaWiki 1.1.6.0 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded phrase parameter...