216081 matches found
CVE-2026-40766
CVE-2026-40766 concerns the WordPress MasterStudy LMS plugin (versions
CVE-2026-40766 WordPress MasterStudy LMS plugin <= 3.7.25 - SQL Injection vulnerability
Subscriber SQL Injection in MasterStudy LMS = 3.7.25 versions...
CVE-2026-40762 WordPress WPGraphQL plugin < 2.11.1 - SQL Injection vulnerability
Unauthenticated SQL Injection in WPGraphQL 2.11.1 versions...
CVE-2026-40762
The WPGraphQL WordPress plugin is affected by an unauthenticated SQL Injection in versions earlier than 2.11.1. The issue originates in WPGraphQL
CVE-2026-39530 WordPress SpeakOut! Email Petitions plugin <= 4.6.5 - SQL Injection vulnerability
Unauthenticated SQL Injection in SpeakOut! Email Petitions = 4.6.5 versions...
CVE-2026-39519 WordPress GeekyBot plugin <= 1.2.0 - SQL Injection vulnerability
Unauthenticated SQL Injection in GeekyBot = 1.2.0 versions...
CVE-2026-39512
WordPress GeoDirectory plugin ≤ 2.8.152 contains an Unauthenticated SQL Injection vulnerability. Affects that plugin version, enabling network-based attacks with no authentication; CVSSv3.1 base score 9.3 (CRITICAL) with high confidentiality impact and low availability impact. Connected sources p...
CVE-2026-39511
CVE-2026-39511 affects the WordPress plugin WP Photo Album Plus
CVE-2026-39511 WordPress WP Photo Album Plus plugin <= 9.1.08.001 - SQL Injection vulnerability
Unauthenticated SQL Injection in WP Photo Album Plus = 9.1.08.001 versions...
CVE-2026-39502
This CVE concerns the WordPress plugin Form Maker by 10Web (versions <= 1.15.38). The issue is described as an Unauthenticated SQL Injection vulnerability in Form Maker by 10Web
CVE-2026-39492 WordPress WP Maps plugin <= 4.9.1 - SQL Injection vulnerability
Unauthenticated SQL Injection in WP Maps = 4.9.1 versions...
CVE-2026-39492
The CVE records an unauthenticated SQL Injection in WordPress WP Maps plugin
CVE-2026-39493 WordPress Simply Schedule Appointments plugin <= 1.6.9.27 - SQL Injection vulnerability
Unauthenticated SQL Injection in Simply Schedule Appointments = 1.6.9.27 versions...
CVE-2026-39441
CVE-2026-39441 affects the WordPress plugin Feed KuantoKusta for WooCommerce – Free, version
CVE-2026-24637 WordPress PowerPress Podcasting plugin <= 11.15.10 - SQL Injection vulnerability
Contributor SQL Injection in PowerPress Podcasting = 11.15.10 versions...
CVE-2026-24637
CVE-2026-24637 affects the WordPress PowerPress Podcasting plugin, specifically versions
CVE-2026-48114
Metacat is data repository software that helps researchers preserve, share, and discover data. Versions 2.0.0 and and above contain an unauthenticated SQL injection in the /harvesterRegistration endpoint. HarvesterRegistration.dbInsert builds an INSERT against HARVESTSITESCHEDULE via string...
CVE-2026-38812
RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTable endpoint. The issue affects the code generation module and may allow an authenticated attacker with administrative privileges to access sensitive database information...
CVE-2026-48114
Metacat (versions 2.0.0 and later) contains an unauthenticated SQL injection in the /harvesterRegistration endpoint. HarvesterRegistration.dbInsert() builds an INSERT into HARVEST_SITE_SCHEDULE by string concatenation, wrapping literals with quoteString() without escaping. Three inputs (unit, con...
CVE-2026-48114 Metacat has an unauthenticated SQL injection vulnerability
Metacat is data repository software that helps researchers preserve, share, and discover data. Versions 2.0.0 and and above contain an unauthenticated SQL injection in the /harvesterRegistration endpoint. HarvesterRegistration.dbInsert builds an INSERT against HARVESTSITESCHEDULE via string...