Lucene search
K

25 matches found

CVE
CVE
added 5 days ago7 views

CVE-2026-58493

CVE-2026-58493 affects grav-plugin-database (Grav CMS) prior to 1.2.0. The plugin builds PDO DSN strings by concatenating user-configurable YAML values (host, dbname, charset, server, database, directory, filename) without sanitization, enabling an administrator with plugin config access to injec...

5.1CVSS6.1AI score0.00288EPSS
Exploits0References3
OSV
OSV
added 5 days ago3 views

CVE-2026-58493 grav-plugin-database: DSN Parameter Injection via Unsanitized Configuration Values in Connection String Construction

grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, Database::call builds PDO DSN strings by directly concatenating user-configurable YAML values from fields such as host, dbname, charset, server, database, directory, and filename without sanitization or validation, allowing...

5.1CVSS6.1AI score0.00288EPSS
Exploits0References5
CVE
CVE
added 5 days ago7 views

CVE-2026-58492

Technical details are not publicly available in the provided documents. Monitor for updates.

9.2CVSS6.3AI score0.00302EPSS
Exploits0References3
NVD
NVD
added 5 days ago8 views

CVE-2026-61450

Grav before 2.0.2 contains a Twig sandbox bypass that allows a page author any admin.pages user, or anyone able to write to user/pages to exfiltrate configuration secrets. Although the sandbox replaces the 'config' variable with a redacted facade and strips Config::get/toArray from the method...

7.1CVSS0.00246EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 7:16 p.m.13 views

CVE-2026-12238

The WP Go Maps – Most Popular Map Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 10.1.01. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers ...

5.3CVSS0.00205EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

WordPress plugin Database Backup for WordPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

7.5CVSS5.8AI score0.0041EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/02 9:0 p.m.3 views

Malicious Package

Overview strapi-plugin-database is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages aren...

9.8CVSS6AI score
Exploits0References2
EUVD
EUVD
added 2026/03/25 7:51 p.m.8 views

EUVD-2026-14492

AVideo has Path Traversal in pluginRunDatabaseScript.json.php Enables Arbitrary SQL File Execution via Unsanitized Plugin Name...

7.2CVSS5.9AI score0.00493EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/01/09 10:49 a.m.5 views

CVE-2022-37787

An issue was discovered in WeCube platform 3.2.2. A DOM XSS vulnerability has been found on the plugin database execution page...

6.1CVSS6.1AI score0.0055EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:19 a.m.9 views

CVE-2019-18662

An issue was discovered in YouPHPTube through 7.7. User input passed through the livestreamcode POST parameter to /plugin/LiveChat/getChat.json.php is not properly sanitized in getFromChat in plugin/LiveChat/Objects/LiveChatObj.php before being used to construct a SQL query. This can be exploited...

9.8CVSS7.6AI score0.02314EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-40396

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.0055EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/06/26 9:22 a.m.12 views

CVE-2025-6212 Ultra Addons for Contact Form 7 3.5.11 - 3.5.19 - Unauthenticated Stored Cross-Site Scripting via Database module

The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Database module in versions 3.5.11 to 3.5.19 due to insufficient input sanitization and output escaping. The unfiltered field names are stored alongside the sanitized values. Later, the...

7.2CVSS0.00257EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/02/05 12:13 a.m.8 views

CVE-2024-4845

The Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘optionslistid’ parameter in all versions up to, and including, 5.7.22 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

8.8CVSS7.2AI score0.00454EPSS
Exploits0References1
NVD
NVD
added 2025/01/10 4:15 a.m.12 views

CVE-2024-12473

The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT GPT-4o 128K plugin for WordPress is vulnerable to SQL Injection via the 'templateid' parameter of the 'articlebuildergeneratedata' shortcode in all versions up to, and...

6.5CVSS0.00501EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/04/08 5:28 p.m.19 views

CVE-2023-7164 BackWPup < 4.0.4 - Unauthenticated Backup Download

The BackWPup WordPress plugin before 4.0.4 does not prevent Directory Listing in its temporary backup folder, allowing unauthenticated attackers to download backups of a site's database...

7.5AI score0.02261EPSS
Exploits2References1
CNNVD
CNNVD
added 2024/03/19 12:0 a.m.3 views

WordPress Plugin Database for Contact Form 7 Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

7.1CVSS5.8AI score0.00334EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/03/13 12:0 a.m.10 views

WordPress Plugin Database for Contact Form 7, WPforms, Elementor forms Security Vulnerabilities

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

6.4CVSS5.8AI score0.00593EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/07/11 12:0 a.m.4 views

WordPress Plugin Database Collation Fix 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site request forgery vulnerability exists in...

8.8CVSS8.1AI score0.00256EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/04/12 5:5 p.m.6 views

CVE-2023-30529

Jenkins Lucene-Search Plugin 387.v938aecbf7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database...

7AI score0.00349EPSS
Exploits0References2
Prion
Prion
added 2023/01/01 8:15 a.m.22 views

Cross site scripting

An issue was discovered in WeCube platform 3.2.2. A DOM XSS vulnerability has been found on the plugin database execution page...

5.8CVSS6AI score0.0055EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder