CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/06/09 11:48 a.m.•15 views

CVE-2017-20250

CVE-2017-20250 affects WordPress plugin Mac Photo Gallery 3.0 through a path traversal vulnerability in macdownload.php that allows unauthenticated attackers to download arbitrary files (e.g., wp-load.php) by manipulating the albid parameter. Reported impact includes potential high confidentialit...

8.7CVSS5.6AI score0.00641EPSS

CVE•added 2026/06/09 11:48 a.m.•13 views

CVE-2017-20248

CVE-2017-20248 affects the WordPress plugin Apptha Slider Gallery 1.0. It describes a path traversal vulnerability in asgallDownload.php that lets unauthenticated attackers download arbitrary files by supplying directory traversal sequences (e.g., ../) via the imgname parameter. CVSS scores in th...

8.7CVSS5.6AI score0.00641EPSS

Cvelist•added 2026/06/09 11:48 a.m.•24 views

CVE-2017-20248 WordPress Plugin Apptha Slider Gallery 1.0 Path Traversal File Download

Apptha Slider Gallery 1.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the imgname parameter. Attackers can send requests to asgallDownload.php with directory traversal sequences ../ to access sensitive files outside the...

8.7CVSS0.00641EPSS

CVE•added 2026/06/09 11:48 a.m.•15 views

CVE-2017-20249

The vulnerability CVE-2017-20249 affects the WordPress plugin Apptha Slider Gallery 1.0 . It contains an SQL injection via the albid parameter in GET requests, enabling unauthenticated attackers to execute arbitrary SQL and potentially extract sensitive database information, including user creden...

8.8CVSS6.1AI score0.00295EPSS

Cvelist•added 2026/06/09 11:48 a.m.•26 views

CVE-2017-20249 WordPress Plugin Apptha Slider Gallery 1.0 SQL Injection

Apptha Slider Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the albid parameter. Attackers can send GET requests with crafted SQL payloads in the albid parameter to extract sensitive...

8.8CVSS0.00295EPSS

CVE•added 2026/06/09 11:48 a.m.•15 views

CVE-2017-20247

CVE-2017-20247 affects the WordPress plugin PICA Photo Gallery 1.0. It describes an SQL injection vulnerability where unauthenticated attackers can inject SQL via the aid parameter in GET requests to retrieve sensitive data (e.g., user credentials, table contents). The CVE notes high impact on co...

8.8CVSS6.1AI score0.00262EPSS

Cvelist•added 2026/06/09 11:48 a.m.•27 views

CVE-2017-20247 WordPress Plugin PICA Photo Gallery 1.0 SQL Injection

WordPress Plugin PICA Photo Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid parameter. Attackers can send GET requests with crafted SQL payloads in the aid parameter to extract...

8.8CVSS0.00262EPSS

Vulnrichment•added 2026/06/09 11:48 a.m.•8 views

CVE-2017-20247 WordPress Plugin PICA Photo Gallery 1.0 SQL Injection

8.8CVSS6.1AI score0.00262EPSS

EUVD•added 2026/06/09 11:48 a.m.•5 views

EUVD-2017-18972

KittyCatfish 2.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to read database contents by exploiting an unescaped GET parameter. Attackers can inject SQL code through the 'kcad' parameter in base.css.php or kittycatfish.php to extract sensiti...

8.8CVSS5.7AI score0.0027EPSS

Cvelist•added 2026/06/09 11:48 a.m.•27 views

CVE-2017-20246 KittyCatfish 2.2 Plugin for WordPress SQL Injection

8.8CVSS0.0027EPSS

Vulnrichment•added 2026/06/09 11:48 a.m.•6 views

CVE-2017-20246 KittyCatfish 2.2 Plugin for WordPress SQL Injection

8.8CVSS5.7AI score0.0027EPSS

CVE•added 2026/06/09 11:48 a.m.•10 views

CVE-2017-20246

KittyCatfish 2.2 WordPress plugin contains a SQL injection vulnerability exploitable by unauthenticated attackers via an unescaped GET parameter. The vulnerability affects requests through kc_ad in base.css.php or kittycatfish.php, enabling extraction of database contents using boolean-based or t...

8.8CVSS5.7AI score0.0027EPSS

EUVD•added 2026/06/09 11:48 a.m.•6 views

EUVD-2017-18970

Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to read arbitrary database information by exploiting an unescaped POST parameter. Attackers can inject SQL code through the 'mwpformid' parameter in requests to the admin-ajax.php...

CVE•added 2026/06/09 11:48 a.m.•18 views

CVE-2017-20244

CVE-2017-20244 affects Wow Forms WordPress Plugin version 2.1. The vulnerability is an SQL injection in admin-ajax.php handling the send_mwp_form action, exploitable via an unescaped POST parameter mwpformid, allowing unauthenticated attackers to read arbitrary database information. Reported CVSS...

CVE•added 2026/06/09 11:48 a.m.•14 views

CVE-2017-20245

CVE-2017-20245 affects the Wow Viral Signups 2.1 WordPress plugin. It describes an SQL injection through the unescaped idsignup POST parameter in admin-ajax.php, allowing unauthenticated attackers to extract data from the database. CVSS 3.1 base score 8.2 (HIGH) and CVSS 4.0 base score 8.8 (HIGH)...

Vulnrichment•added 2026/06/09 11:48 a.m.•7 views

CVE-2017-20245 Wow Viral Signups 2.1 WordPress Plugin SQL Injection

Wow Viral Signups 2.1 WordPress plugin contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by exploiting the unescaped 'idsignup' POST parameter. Attackers can send crafted requests to the admin-ajax.php endpoint with malicious SQL payload...

Cvelist•added 2026/06/09 11:48 a.m.•24 views

CVE-2017-20245 Wow Viral Signups 2.1 WordPress Plugin SQL Injection

8.8CVSS0.0027EPSS