CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

216098 matches found

CVE-2016-20073

Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' POST parameter. Attackers can submit crafted SQL statements to the modal.php endpoint to extract...

8.8CVSS0.0027EPSS

Exploits0References4

NVD•added 2 days ago•6 views

CVE-2016-20068

WordPress Booking Calendar Contact Form version 1.0.23 contains an unauthenticated blind SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send requests to the admin-ajax.php endpoint wit...

8.8CVSS0.00302EPSS

Exploits0References3

Cvelist•added 2 days ago•29 views

CVE-2016-20068 WordPress Booking Calendar Contact Form 1.0.23 SQL Injection

8.8CVSS0.00302EPSS

Exploits0References3

CVE•added 2 days ago•5 views

CVE-2016-20068

The CVE-2016-20068 entry details an unauthenticated blind SQL injection in WordPress Booking Calendar Contact Form 1.0.23. The vulnerability is triggered via admin-ajax.php with action set to dex_bccf_calendar_ajaxevent, using a crafted value in the id parameter to extract sensitive database info...

8.8CVSS6.3AI score0.00302EPSS

Exploits0References3

Vulnrichment•added 2 days ago•4 views

CVE-2019-25746 WordPress Sliced Invoices 3.8.2 SQL Injection via post Parameter

WordPress Sliced Invoices 3.8.2 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send requests to the admin.php endpoint with action=duplicatequoteinvoice and...

7.1CVSS5.7AI score0.00226EPSS

Exploits0References4

EUVD•added 2 days ago•8 views

EUVD-2019-20182

7.1CVSS5.7AI score0.00226EPSS

Exploits0References4

CVE•added 2 days ago•5 views

CVE-2019-25746

WordPress Sliced Invoices 3.8.2 contains an authenticated SQL injection vulnerability exploitable via the post parameter. Attackers can target admin.php with action=duplicate_quote_invoice and malicious post values to extract data or modify data. Evidence: authenticated, low-privilege requirement...

7.1CVSS5.8AI score0.00226EPSS

Exploits0References4

Cvelist•added 2 days ago•26 views

CVE-2016-20073 Answer My Question 1.3 Plugin WordPress SQL Injection via modal.php

8.8CVSS0.0027EPSS

Exploits0References4

CVE•added 2 days ago•6 views

CVE-2016-20073

The Answer My Question 1.3 WordPress plugin contains an unauthenticated SQL injection in modal.php via the id POST parameter, enabling attackers to execute arbitrary SQL and extract sensitive database information (e.g., WordPress terms and configuration data). CVSS metrics are provided: CVSS v3.1...

8.8CVSS6.2AI score0.0027EPSS

Exploits0References4

EUVD•added 2 days ago•4 views

EUVD-2016-10885

8.8CVSS6.1AI score0.0027EPSS

Exploits0References4

Vulnrichment•added 2 days ago•4 views

CVE-2016-20073 Answer My Question 1.3 Plugin WordPress SQL Injection via modal.php

8.8CVSS6.1AI score0.0027EPSS

Exploits0References4

Cvelist•added 2 days ago•26 views

CVE-2016-20072 BBS e-Franchise 1.1.1 WordPress Plugin SQL Injection via uid

BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the uid parameter. Attackers can craft requests to pages using the plugin's shortcode with UNION-based SQL...

8.8CVSS0.0027EPSS

Exploits0References4

Vulnrichment•added 2 days ago•4 views

CVE-2016-20072 BBS e-Franchise 1.1.1 WordPress Plugin SQL Injection via uid

8.8CVSS6.1AI score0.0027EPSS

Exploits0References4

EUVD•added 2 days ago•5 views

EUVD-2016-10883

The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through unsanitized user input. Attackers can craft GET requests with SQL injection payloa...

8.8CVSS6.2AI score0.00302EPSS

Exploits0References3

CVE•added 2 days ago•5 views

CVE-2016-20071

The CVE concerns the WordPress plugin 404 Redirection Manager (version 1.0) for which an unauthenticated SQL injection is described. The vulnerability allows remote attackers to influence database queries and potentially extract sensitive data by sending crafted, unsanitized input via HTTP GET re...

8.8CVSS6.2AI score0.00302EPSS

Exploits0References3

Vulnrichment•added 2 days ago•3 views

CVE-2016-20071 WordPress 404 Redirection Manager Plugin 1.0 SQL Injection

8.8CVSS6.1AI score0.00302EPSS

Exploits0References3

Vulnrichment•added 2 days ago•3 views

CVE-2016-20069 WordPress Booking Calendar Contact Form 1.0.23 SQL Injection

WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in database queries. Attackers can inject SQL commands through the calendar shortcode parameter to...

8.8CVSS6.1AI score0.0024EPSS

Exploits0References3

Cvelist•added 2 days ago•31 views

CVE-2016-20069 WordPress Booking Calendar Contact Form 1.0.23 SQL Injection

8.8CVSS0.0024EPSS

Exploits0References3

EUVD•added 2 days ago•4 views

EUVD-2016-10881

8.8CVSS6.1AI score0.0024EPSS

Exploits0References3