44 matches found

Vulnrichment
added 2025/03/27 10:54 a.m. · 5 views

CVE-2025-30787 WordPress EZ SQL Reports Shortcode Widget and DB Backup plugin <= 5.25.08 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Eli EZ SQL Reports Shortcode Widget and DB Backup (elisqlreports) allows Stored XSS. This issue affects EZ SQL Reports Shortcode Widget and DB Backup: from n/a through <= 5.25.08...

CVSS 7.1 · AI score 7.4 · EPSS 0.00223
Exploits: 0 · References: 1

RedhatCVE
added 2025/03/27 9:15 a.m. · 6 views

CVE-2025-2319

The EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.11.13 to 5.25.08. This is due to missing or incorrect nonce validation on the 'ELISQLREPORTS_menu' function. This makes it possible for unauthenticated attackers to...

CVSS 8.8 · AI score 7.8 · EPSS 0.00336
Exploits: 0 · References: 1

Patchstack
added 2025/03/27 3:5 a.m. · 2 views

WordPress EZ SQL Reports Shortcode Widget and DB Backup plugin <= 5.25.08 - CSRF to SQL Injection vulnerability

CSRF to SQL Injection vulnerability discovered by Nabil Irawan in WordPress Plugin EZ SQL Reports Shortcode Widget and DB Backup versions <= 5.25.08...

CVSS 8.2 · AI score 8.1 · EPSS 0.00161
Exploits: 0 · Affected Software: 1

CNNVD
added 2025/03/27 12:0 a.m. · 1 view

WordPress plugin EZ SQL Reports Shortcode Widget and DB Backup Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

CVSS 7.1 · AI score 8.3 · EPSS 0.00223
Exploits: 0 · References: 2

CVE
added 2025/03/25 8:22 a.m. · 66 views

CVE-2025-2319

CVE-2025-2319 concerns the EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress. According to the CVE entry, versions 4.11.13 through 5.25.08 are vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation in the ELISQLREPORTS_menu function, which could all...

CVSS 8.8 · AI score 7.7 · EPSS 0.00336
Exploits: 0 · References: 10

Vulnrichment
added 2025/03/25 8:22 a.m. · 4 views

CVE-2025-2319 EZ SQL Reports Shortcode Widget and DB Backup 4.11.13 - 5.25.08 - Cross-Site Request Forgery to Remote Code Execution

The EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.11.13 to 5.25.08. This is due to missing or incorrect nonce validation on the 'ELISQLREPORTS_menu' function. This makes it possible for unauthenticated attackers to...

CVSS 8.8 · AI score 7.7 · EPSS 0.00336
Exploits: 0 · References: 10

Cvelist
added 2025/03/25 8:22 a.m. · 14 views

CVE-2025-2319 EZ SQL Reports Shortcode Widget and DB Backup 4.11.13 - 5.25.08 - Cross-Site Request Forgery to Remote Code Execution

The EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.11.13 to 5.25.08. This is due to missing or incorrect nonce validation on the 'ELISQLREPORTS_menu' function. This makes it possible for unauthenticated attackers to...

CVSS 8.8 · EPSS 0.00336
Exploits: 0 · References: 10

Patchstack
added 2025/03/25 12:37 a.m. · 2 views

WordPress EZ SQL Reports Shortcode Widget and DB Backup plugin 4.11.13-5.25.08 - CSRF to RCE vulnerability

CSRF to RCE vulnerability discovered by luckybuddy in WordPress Plugin EZ SQL Reports Shortcode Widget and DB Backup versions 4.11.13-5.25.08...

CVSS 8.8 · AI score 7.6 · EPSS 0.00336
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2025/03/25 12:0 a.m. · 2 views

WordPress plugin EZ SQL Reports Shortcode Widget and DB Backup Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

CVSS 8.8 · AI score 8.9 · EPSS 0.00336
Exploits: 0 · References: 12

RedhatCVE
added 2025/02/27 2:31 p.m. · 4 views

CVE-2025-26887

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eli EZ SQL Reports Shortcode Widget and DB Backup (elisqlreports) allows Stored XSS. This issue affects EZ SQL Reports Shortcode Widget and DB Backup: from n/a through <= 5.21.35...

CVSS 6.5 · AI score 7.3 · EPSS 0.00112
Exploits: 0 · References: 1

NVD
added 2025/02/25 3:15 p.m. · 2 views

CVE-2025-26887

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eli EZ SQL Reports Shortcode Widget and DB Backup (elisqlreports) allows Stored XSS. This issue affects EZ SQL Reports Shortcode Widget and DB Backup: from n/a through <= 5.21.35...

CVSS 6.5 · EPSS 0.00112
Exploits: 0 · References: 1

CVE
added 2025/02/25 2:17 p.m. · 61 views

CVE-2025-26887

CVE-2025-26887 is a Stored XSS in EZ SQL Reports Shortcode Widget and DB Backup for WordPress. Affected: EZ SQL Reports Shortcode Widget and DB Backup (vulnerable range up to 5.21.35). Root cause per description: Improper Neutralization of Input During Web Page Generation (XSS). Impact details in...

CVSS 6.5 · AI score 7.3 · EPSS 0.00112
Exploits: 0 · References: 1

Cvelist
added 2025/02/25 2:17 p.m. · 8 views

CVE-2025-26887 WordPress EZ SQL Reports Shortcode Widget and DB Backup plugin <= 5.21.35 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eli EZ SQL Reports Shortcode Widget and DB Backup (elisqlreports) allows Stored XSS. This issue affects EZ SQL Reports Shortcode Widget and DB Backup: from n/a through <= 5.21.35...

CVSS 6.5 · EPSS 0.00112
Exploits: 0 · References: 1

Positive Technologies
added 2025/02/25 12:0 a.m. · 2 views

PT-2025-7837 · Db Backup +1

Name of the Vulnerable Software and Affected Versions: EZ SQL Reports Shortcode Widget and DB Backup versions n/a through 5.21.35
Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attack...

CVSS 6.5 · AI score 9.3 · EPSS 0.00112
Exploits: 0 · References: 3

CNNVD
added 2025/02/25 12:0 a.m. · 1 view

WordPress plugin EZ SQL Reports Shortcode Widget and DB Backup Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 6.5 · AI score 8.6 · EPSS 0.00112
Exploits: 0 · References: 3

Patchstack
added 2025/02/22 4:11 p.m. · 2 views

WordPress EZ SQL Reports Shortcode Widget and DB Backup plugin <= 5.21.35 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Trương Hữu Phúc (truonghuuphuc) in WordPress Plugin EZ SQL Reports Shortcode Widget and DB Backup versions <= 5.21.35...

CVSS 6.5 · AI score 6.7 · EPSS 0.00112
Exploits: 0 · Affected Software: 1

Dsquare
added 2017/10/15 12:0 a.m. · 169 views

WordPress EZ SQL Reports Shortcode Widget and DB Backup SQL Injection

SQL Injection vulnerability in WordPress EZ SQL Reports Shortcode Widget and DB Backup plugin shortcode parameter. Vulnerability Type: SQL Injection. For the exploit source code contact DSquare Security sales team...

AI score 0.6
Exploits: 0

Dsquare
added 2017/10/15 12:0 a.m. · 244 views

WordPress EZ SQL Reports Shortcode Widget and DB Backup RCE

Remote command execution vulnerability in WordPress EZ SQL Reports Shortcode Widget and DB Backup plugin shortcode parameter. Vulnerability Type: Remote Command Execution. For the exploit source code contact DSquare Security sales team...

AI score 0.7
Exploits: 0

WPVulnDB
added 2015/09/14 12:0 a.m. · 7 views

EZ SQL Reports <= 4.11.33 - Authenticated Arbitrary Code Execution

There are several calls to "passthru" in the code; one of them receives the username, password, database name and host from the $_POST arguments, so you can inject into each of these parameters the ";" character or others like "&&" or "||" to execute other distinct commands to "/usr/bin/mysql"...

AI score 1.2
Exploits: 0 · References: 1 · Affected Software: 1

exploitpack
added 2015/09/14 12:0 a.m. · 10 views

WordPress Plugin EZ SQL Reports 4.11.37 - Multiple Vulnerabilities

WordPress Plugin EZ SQL Reports 4.11.37 - Multiple Vulnerabilities Exploit Title: EZ SQL Reports Proxy-Connection: keep-alive Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Upgrade-Insecure-Requests: 1 User-Agent: Referer:...

AI score 0.5
Exploits: 0