GD Security Headers < 1.7.1 - Admin+ SQLi
Description: The plugin does not properly sanitise and escape the filter-vd and filter-ed parameters before using them in SQL statements, leading to SQL injections exploitable by high privilege users such as admin...
WordPress 4.5.x < 4.5.28 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A stored Cross-Site Scripting (XSS) via wp-mail.php post by email. - An open redirect in wp_nonce_ays. - Sender's email address is exposed in wp-mail.php. - A Cross-Site...
NEX-Forms < 7.9.7 - Authenticated SQLi
The plugin does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured otherwise via the plugin setting...
Microfinance Management System 1.0 SQL Injection Vulnerability
Microfinance Management System version suffers from multiple remote SQL injection vulnerabilities including one that allows for authentication bypass. Original discovery of SQL injection in this version is attributed to Hejap Zairy in March of 2022. Exploit Title: Microfinance Management System 1...