Lucene search
+L

76 matches found

cnnvd
cnnvd
added 2026/02/14 12:0 a.m.10 views

WordPress plugin PhotoStack Gallery SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.5CVSS5.9AI score0.00497EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/02/14 12:0 a.m.8 views

PT-2026-8089

The PhotoStack Gallery plugin for WordPress is vulnerable to SQL Injection via the 'postid' parameter in all versions up to, and including, 0.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5CVSS5.9AI score0.00497EPSS
Exploits0References5
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2006-1640

Malware in sbrugna...

5.1CVSS6.4AI score0.0155EPSS
Exploits0References10
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2007-1504

Malware in sbrugna...

7.5CVSS6.4AI score0.02004EPSS
Exploits0References10
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2010-4841

Malware in sbrugna...

7.5CVSS6.4AI score0.00929EPSS
Exploits1References3
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-11421

Malware in sbrugna...

5.4CVSS5.4AI score0.00624EPSS
Exploits2References2
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2008-1700

Malware in sbrugna...

7.5CVSS6.4AI score0.01096EPSS
Exploits0References6
euvd
euvd
added 2025/10/07 12:30 a.m.8 views

EUVD-2012-5768

Malware in sbrugna...

7.5CVSS6.4AI score0.01119EPSS
Exploits2References6
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-15734

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00853EPSS
Exploits2References2
redhatcve
redhatcve
added 2025/05/22 7:22 p.m.11 views

CVE-2021-24509

The Page View Count WordPress plugin before 2.4.9 does not escape the postid parameter of pvcstats shortcode, allowing users with a role as low as Contributor to perform Stored XSS attacks. A post made by a contributor would still have to be approved by an admin to have the XSS triggered in the...

5.4CVSS5.7AI score0.00624EPSS
Exploits2References1
redhatcve
redhatcve
added 2025/05/22 1:30 a.m.7 views

CVE-2010-4876

SQL injection vulnerability in viewpost.php in mBlogger 1.0.04 allows remote attackers to execute arbitrary SQL commands via the postID parameter...

7.5CVSS8.8AI score0.00929EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/04/09 2:22 a.m.8 views

CVE-2025-28400

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the postID parameter in the edit method...

6.7CVSS7.5AI score0.00364EPSS
Exploits1References1
cnnvd
cnnvd
added 2025/04/07 12:0 a.m.3 views

RuoYi 安全漏洞

RuoYi is a backend management system for individual developers of RuoYi in China. A security vulnerability exists in RuoYi v.4.8.0, which can be exploited by a remote attacker to elevate privileges via the postID parameter...

6.7CVSS6.8AI score0.00364EPSS
Exploits1References2
cve
cve
added 2025/04/07 12:0 a.m.50 views

CVE-2025-28400

CVE-2025-28400 affects RUoYi v4.8.0. A remote attacker can escalate privileges via the postID parameter in the edit method. Documented impact includes elevated privileges; CVSSv3.1 base score 6.7 (Medium). No explicit exploit details are provided in the connected documents. Remediation details ar...

6.7CVSS7.2AI score0.00364EPSS
Exploits1References2Affected Software1
vulnrichment
vulnrichment
added 2025/04/07 12:0 a.m.5 views

CVE-2025-28400

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the postID parameter in the edit method...

7AI score0.00364EPSS
Exploits1References2
cvelist
cvelist
added 2025/04/07 12:0 a.m.28 views

CVE-2025-28400

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the postID parameter in the edit method...

0.00364EPSS
Exploits1References2
cvelist
cvelist
added 2024/06/22 4:32 a.m.36 views

CVE-2024-4874 Bricks Builder <= 1.9.8 - Insecure Direct Object Reference

The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.8 via the postId parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and...

4.3CVSS0.00314EPSS
Exploits0References2
cnnvd
cnnvd
added 2022/04/21 12:0 a.m.6 views

Sourcecodester Baby Care System SQL注入漏洞

Sourcecodester Baby Care System is an application of the Sourcecodester community in the United States. Sourcecodester Baby Care System v1.0 is vulnerable to SQL injection, which originates from the lack of validation of external input SQL in the /admin.php?id=posts & action=display & value=1 &...

9.8CVSS6.1AI score0.0122EPSS
Exploits1References2
osv
osv
added 2022/03/21 7:15 p.m.3 views

CVE-2022-0640

The Pricing Table Builder WordPress plugin before 1.1.5 does not sanitize and escape the postid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.4AI score0.00853EPSS
Exploits2References2
cnnvd
cnnvd
added 2022/03/21 12:0 a.m.6 views

WordPress plugin Pricing Table Builder 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in...

6.1CVSS5.9AI score0.00853EPSS
Exploits2References3
Rows per page
Query Builder