CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/06/09 11:48 a.m.•5 views

CVE-2017-20246 KittyCatfish 2.2 Plugin for WordPress SQL Injection

KittyCatfish 2.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to read database contents by exploiting an unescaped GET parameter. Attackers can inject SQL code through the 'kcad' parameter in base.css.php or kittycatfish.php to extract sensiti...

8.8CVSS5.7AI score0.0027EPSS

Vulnrichment•added 2026/06/09 11:48 a.m.•6 views

CVE-2017-20245 Wow Viral Signups 2.1 WordPress Plugin SQL Injection

Wow Viral Signups 2.1 WordPress plugin contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by exploiting the unescaped 'idsignup' POST parameter. Attackers can send crafted requests to the admin-ajax.php endpoint with malicious SQL payload...

EUVD•added 2026/06/09 11:48 a.m.•5 views

EUVD-2017-18970

Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to read arbitrary database information by exploiting an unescaped POST parameter. Attackers can inject SQL code through the 'mwpformid' parameter in requests to the admin-ajax.php...

EUVD•added 2026/06/09 11:48 a.m.•5 views

EUVD-2017-18971

CVE•added 2026/06/09 11:48 a.m.•11 views

CVE-2017-20245

CVE-2017-20245 affects the Wow Viral Signups 2.1 WordPress plugin. It describes an SQL injection through the unescaped idsignup POST parameter in admin-ajax.php, allowing unauthenticated attackers to extract data from the database. CVSS 3.1 base score 8.2 (HIGH) and CVSS 4.0 base score 8.8 (HIGH)...

CVE•added 2026/06/09 11:48 a.m.•16 views

CVE-2017-20244

CVE-2017-20244 affects Wow Forms WordPress Plugin version 2.1. The vulnerability is an SQL injection in admin-ajax.php handling the send_mwp_form action, exploitable via an unescaped POST parameter mwpformid, allowing unauthenticated attackers to read arbitrary database information. Reported CVSS...

Vulnrichment•added 2026/06/09 11:48 a.m.•5 views

CVE-2017-20243 WordPress Car Park Booking Plugin SQL Injection via space_id

WordPress Car Park Booking Plugin version 13 October 17 contains a time-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the spaceid parameter. Attackers can send GET requests to the booking-page endpoint with...

8.8CVSS5.7AI score0.00262EPSS

Cvelist•added 2026/06/09 11:48 a.m.•22 views

CVE-2016-20065 Product Catalog 8 1.2 Plugin WordPress SQL Injection

Product Catalog 8 1.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the selectedCategory parameter. Attackers can submit POST requests to the admin-ajax.php endpoint with the...

8.8CVSS0.0027EPSS

Vulnrichment•added 2026/06/09 11:48 a.m.•7 views

CVE-2016-20063 Single Personal Message 1.0.3 WordPress Plugin SQL Injection

Single Personal Message 1.0.3 contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries by injecting malicious code through the message parameter. Attackers can access the admin interface and supply crafted SQL statements in the message parameter to...

7.1CVSS6AI score0.00221EPSS

CVE•added 2026/06/09 11:48 a.m.•11 views

CVE-2016-20063

CVE-2016-20063 affects Single Personal Message 1.0.3 WordPress Plugin. The vulnerability is an SQL injection in the message parameter, exploitable by authenticated users to run arbitrary SQL queries, potentially accessing sensitive database information and site configuration data. Attack vector i...

7.1CVSS6AI score0.00221EPSS

EUVD•added 2026/06/09 11:48 a.m.•8 views

EUVD-2016-10876

7.1CVSS6AI score0.00221EPSS

Vulnrichment•added 2026/06/09 11:48 a.m.•4 views

CVE-2016-20062 Simply Poll 1.4.1 Plugin for WordPress SQL Injection

Simply Poll 1.4.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the 'pollid' POST parameter. Attackers can send requests to the admin-ajax.php endpoint with the 'spAjaxResults' actio...

8.8CVSS6.1AI score0.0027EPSS

CVE•added 2026/06/09 11:48 a.m.•12 views

CVE-2016-20062

The CVE covers a SQL injection in the Simply Poll 1.4.1 WordPress plugin. Attackers can exploit an unauthenticated POST to admin-ajax.php using the spAjaxResults action with crafted pollid values to execute arbitrary SQL and read data from the WordPress database. Affected component: Simply Poll 1...

8.8CVSS6.1AI score0.0027EPSS

EUVD•added 2026/06/09 11:48 a.m.•7 views

EUVD-2016-10875

8.8CVSS6.1AI score0.0027EPSS

NVD•added 2026/06/09 11:16 a.m.•7 views

CVE-2026-49741

Backend users with write access to the formdefinition database table were able to directly create, update, or delete form definition records via DataHandler, bypassing the Form Framework's persistence validation and permission checks. This allowed injecting arbitrary form configurations,...

8.7CVSS0.0037EPSS

CVE•added 2026/06/09 10:54 a.m.•14 views

CVE-2026-49741

CVE-2026-49741 concerns TYPO3 CMS where backend users with write access to the form_definition table can directly manipulate form definitions via DataHandler, bypassing Form Framework validation and permission checks. This enables injecting arbitrary form configurations and is associated with SQL...

8.7CVSS5.7AI score0.0037EPSS

Vulnrichment•added 2026/06/09 10:54 a.m.•5 views

CVE-2026-49741 TYPO3 CMS - Privilege Escalation & SQL Injection in Form Framework

8.7CVSS5.7AI score0.0037EPSS

Cvelist•added 2026/06/09 10:54 a.m.•31 views

CVE-2026-49741 TYPO3 CMS - Privilege Escalation & SQL Injection in Form Framework

8.7CVSS0.0037EPSS