
14 matches found

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-11305

Malware in sbrugna...

7.2 CVSS, 7 AI score, 0.01547 EPSS
Exploits: 2, References: 3

Vulnrichment
added 2025/07/16 11:28 a.m., 3 views

CVE-2025-24759 WordPress WP-BusinessDirectory <= 3.1.3 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory allows Blind SQL Injection. This issue affects WP-BusinessDirectory: from n/a through 3.1.3...

9.3 CVSS, 7.2 AI score, 0.0035 EPSS
Exploits: 0, References: 1

Cvelist
added 2025/07/04 11:18 a.m., 10 views

CVE-2025-32297 WordPress Simple Link Directory Pro plugin < 14.8.1 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows SQL Injection. This issue affects Simple Link Directory: from n/a through 14.8.1...

8.5 CVSS, 0.00246 EPSS
Exploits: 0, References: 1

NVD
added 2025/07/02 4:15 a.m., 4 views

CVE-2025-4381

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the ‘$id’ variable of the getSpace function in all versions up to, and including, 4.89 due to insufficient escaping on the user supplied parameter and lack of sufficient...

7.5 CVSS, 0.00327 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2025/06/17 1:44 a.m., 1 view

CVE-2025-5673 Blog2Social <= 8.4.4 - Authenticated (Subscriber+) SQL Injection via `prgSortPostType` Parameter

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the ‘prgSortPostType’ parameter in all versions up to, and including, 8.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...

6.5 CVSS, 7.5 AI score, 0.00261 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2025/06/09 3:54 p.m., 4 views

CVE-2025-48122 WordPress Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light plugin <= 2.4.37 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light allows SQL Injection. This issue affects...

9.3 CVSS, 5.9 AI score, 0.00301 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 10:15 p.m., 6 views

CVE-2022-0190

The Ad Invalid Click Protector AICP WordPress plugin before 1.2.6 is affected by a SQL Injection in the id parameter of the delete action...

8.8 CVSS, 7.9 AI score, 0.01272 EPSS
Exploits: 2, References: 1

Cvelist
added 2025/05/06 9:21 a.m., 31 views

CVE-2025-2011 Slider & Popup Builder by Depicter <= 3.6.1 - Unauthenticated SQL Injection via 's' Parameter

The Slider & Popup Builder by Depicter plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 3.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

7.5 CVSS, 0.46724 EPSS
Exploits: 6, References: 8

Vulnrichment
added 2025/04/01 5:32 a.m., 4 views

CVE-2025-30971 WordPress XV Random Quotes plugin <= 2.0.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Xavi Ivars XV Random Quotes xv-random-quotes allows SQL Injection. This issue affects XV Random Quotes: from n/a through = 2.0.0...

9.3 CVSS, 7.4 AI score, 0.00427 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/03/09 8:40 a.m., 12 views

CVE-2025-0959

The Eventer - WordPress Event & Booking Manager Plugin plugin for WordPress is vulnerable to SQL Injection via the regid parameter in all versions up to, and including, 3.9.9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

8.8 CVSS, 7.2 AI score, 0.004 EPSS
Exploits: 0, References: 1

Cvelist
added 2025/03/03 1:30 p.m., 15 views

CVE-2025-25112 WordPress Social Links plugin <= 1.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kareemsultan Social Links social-links allows Command Line Execution through SQL Injection. This issue affects Social Links: from n/a through = 1.2...

7.6 CVSS, 0.00686 EPSS
Exploits: 0, References: 1

CVE
added 2025/01/23 11:13 a.m., 60 views

CVE-2024-13234

The CVE-2024-13234 in WordPress Plugin: Product Table by WBW is an unauthenticated SQL Injection via the additionalCondition parameter in all versions up to 2.1.2. Public sources confirm this vulnerability and note a patch exists in later versions, but the exact fixed version is not specified in ...

9.8 CVSS, 7.6 AI score, 0.00461 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2024/12/14 6:45 a.m., 18 views

CVE-2024-11711 WP Job Portal <= 2.2.1 - Unauthenticated SQL Injection

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'resumeid' parameter in all versions up to, and including, 2.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient...

7.5 CVSS, 0.005 EPSS
Exploits: 0, References: 3

Vulnrichment
added 2022/01/03 12:49 p.m., 11 views

CVE-2021-24786 Download Monitor < 4.4.5 - Admin+ SQL Injection

The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue...

7.2 AI score, 0.17484 EPSS
Exploits: 5, References: 1