PT-2024-20995 · Ruvaroa · Ruvaroa
Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01
Description: Error messages in RuvarOA were discovered to leak the physical path of the website, specifically at the /WorkFlow/OfficeFileUpdate.aspx endpoint. This issue can allow attackers to write files t...
CVE-2024-33546
CVE-2024-33546 is an unauthenticated SQL Injection in the WooCommerce Amazon Affiliates/WooZone plugin for WordPress, affecting WZone up to version 14.0.10. The CVSS v3.1 base vector indicates network access (AV:N) with low attack complexity (AC:L) and requires low privileges (PR:L) with no user ...
CVE-2024-32709
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Plechev Andrey WP-Recall. This issue affects WP-Recall: from n/a through 16.26.5...
CVE-2024-32706
CVE-2024-32706 (ARForms): WordPress ARForms Form Builder plugin is affected by an authenticated SQL Injection vulnerability (Subscriber+ access) in ARForms versions up to 6.4. The issue is documented as an SQL Injection in ARForms Form Builder, with Patch Status: Patched in the linked vulnerabili...
CVE-2024-32602
CVE-2024-32602 is an SQL Injection flaw in OnTheGoSystems WooCommerce Multilingual & Multicurrency (affecting 5.3.3.1 and earlier). Root cause: improper neutralization of SQL elements in the plugin’s queries. Impact: high risk to confidentiality and integrity of database content; authenticated at...
CVE-2022-47151
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1...
CVE-2024-1601 SQL Injection in parisneo/lollms-webui
An SQL injection vulnerability exists in the deletediscussion function of the parisneo/lollms-webui application, allowing an attacker to delete all discussions and message data. The vulnerability is exploitable via a crafted HTTP POST request to the /deletediscussion endpoint, which internally...
CVE-2024-32137
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin User Activity Log Pro. This issue affects User Activity Log Pro: from n/a through 2.3.4...
CVE-2024-32139
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Podlove Podlove Podcast Publisher. This issue affects Podlove Podcast Publisher: from n/a through 4.0.12...
CVE-2024-32136
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xenioushk BWL Advanced FAQ Manager. This issue affects BWL Advanced FAQ Manager: from n/a through 2.0.3...
CVE-2024-32132
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Codeboxr Team CBX Bookmark & Favorite. This issue affects CBX Bookmark & Favorite: from n/a through 1.7.20...
CVE-2024-32132
CVE-2024-32132: CBX Bookmark & Favorite (WordPress plugin CBXWPBookmark) is affected by an SQL Injection vulnerability up to version 1.7.20. The connected Wordfence entry labels it as an Authenticated (Administrator+) SQL Injection, indicating exploitation requires an authenticated admin+ user; n...
CVE-2024-32135
CVE-2024-32135 refers to an SQL Injection flaw in the WPZest Disable Comments plugin for WordPress (Disable Comments | WPZest), affecting version up to 1.51. Connected sources confirm the vulnerability type and affected plugin, but do not provide a patch; patch status is listed as Unpatched. The ...
CVE-2024-32139
CVE-2024-32139: Podlove Podlove Podcast Publisher for WordPress contains an authenticated SQL Injection flaw (improper neutralization of input in SQL commands). Affected versions are Podlove Podlove Podcast Publisher
CVE-2024-31234
CVE-2024-31234 affects the REHub Framework (WordPress) with an authenticated SQL Injection vulnerability in the framework prior to version 19.6.2. The issue is due to improper neutralization of special elements used in SQL commands. Evidence in connected RH data confirms the vulnerability, its au...
CVE-2024-30489
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in loopus WP Cost Estimation & Payment Forms Builder. This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.75...
CVE-2024-30489
CVE-2024-30489 affects WP Cost Estimation & Payment Forms Builder for WordPress. Root cause: improper neutralization of SQL elements in a query, enabling SQL injection. Affected versions are up to 10.1.75 (n/a–10.1.75). CVSS v3.1 base score 8.5 (HIGH) with Attack Vector: Network, Attack Complexit...
CVE-2024-30501
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPChill Download Monitor. This issue affects Download Monitor: from n/a through 4.9.4...
CVE-2024-30498
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks CRM Perks Forms. This issue affects CRM Perks Forms: from n/a through 1.1.4...
CVE-2024-30495
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Faboba Falang multilanguage. This issue affects Falang multilanguage: from n/a through 1.3.47...