WordPress plugin Database Backup for WordPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

Malicious Package

Overview strapi-plugin-database is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages aren...

EUVD-2026-14492

AVideo has Path Traversal in pluginRunDatabaseScript.json.php Enables Arbitrary SQL File Execution via Unsanitized Plugin Name...

CVE-2022-37787

An issue was discovered in WeCube platform 3.2.2. A DOM XSS vulnerability has been found on the plugin database execution page...

CVE-2019-18662

An issue was discovered in YouPHPTube through 7.7. User input passed through the livestreamcode POST parameter to /plugin/LiveChat/getChat.json.php is not properly sanitized in getFromChat in plugin/LiveChat/Objects/LiveChatObj.php before being used to construct a SQL query. This can be exploited...

EUVD-2022-40396

Malicious code in bioql PyPI...

CVE-2025-6212 Ultra Addons for Contact Form 7 3.5.11 - 3.5.19 - Unauthenticated Stored Cross-Site Scripting via Database module

The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Database module in versions 3.5.11 to 3.5.19 due to insufficient input sanitization and output escaping. The unfiltered field names are stored alongside the sanitized values. Later, the...

CVE-2024-4845

The Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘optionslistid’ parameter in all versions up to, and including, 5.7.22 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

CVE-2024-12473

The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT GPT-4o 128K plugin for WordPress is vulnerable to SQL Injection via the 'templateid' parameter of the 'articlebuildergeneratedata' shortcode in all versions up to, and...

CVE-2023-7164 BackWPup < 4.0.4 - Unauthenticated Backup Download

The BackWPup WordPress plugin before 4.0.4 does not prevent Directory Listing in its temporary backup folder, allowing unauthenticated attackers to download backups of a site's database...

WordPress Plugin Database for Contact Form 7 Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

WordPress Plugin Database for Contact Form 7, WPforms, Elementor forms Security Vulnerabilities

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

WordPress Plugin Database Collation Fix 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site request forgery vulnerability exists in...

CVE-2023-30529

Jenkins Lucene-Search Plugin 387.v938aecbf7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database...

CVE-2022-37787

An issue was discovered in WeCube platform 3.2.2. A DOM XSS vulnerability has been found on the plugin database execution page...

Cross site scripting

An issue was discovered in WeCube platform 3.2.2. A DOM XSS vulnerability has been found on the plugin database execution page...

CVE-2022-37787

An issue was discovered in WeCube platform 3.2.2. A DOM XSS vulnerability has been found on the plugin database execution page...

PT-2023-13554 · Webcube · Webcube

Name of the Vulnerable Software and Affected Versions: WeCube platform version 3.2.2 Description: A DOM XSS issue has been found on the plugin database execution page. This allows for potential exploitation through malicious scripts executed on the client-side. Recommendations: For WeCube platfor...

CVE-2022-37787

An issue was discovered in WeCube platform 3.2.2. A DOM XSS vulnerability has been found on the plugin database execution page...

CVE-2022-4161 Contest Gallery < 19.1.5 - Author+ SQL Injection

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgcopystart POST parameter before concatenating it to an SQL query in copy-gallery-images.php. This may allow malicious users with at least author privilege to leak sensiti...