216160 matches found
WordPress Views for WPForms plugin <= 3.4.6 - SQL Injection vulnerability
SQL Injection vulnerability discovered by dodoh4t in WordPress Plugin Views for WPForms versions = 3.4.6...
WordPress Ninja Forms Views – Display & Edit Ninja Forms Submissions on your site frontend plugin <= 3.3.2 - SQL Injection vulnerability
SQL Injection vulnerability discovered by dodoh4t in WordPress Plugin Ninja Forms Views Display & Edit Ninja Forms Submissions on your site frontend versions = 3.3.2...
WordPress Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin <= 1.6.11.8 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by daroo in WordPress Plugin Simply Schedule Appointments versions = 1.6.11.8...
Web-Based-Honeypot-for-Intrusion-Detection
Web-Based-Honeypot-for-Intrusion-Detection A Web-Based Honeypo...
CVE-2026-7797 Appointment Booking Calendar <= 1.6.11.8 - Unauthenticated SQL Injection via 'append_where_sql' Parameter
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'appendwheresql' parameter in all versions up to, and including, 1.6.11.8 due to insufficient escaping on the user supplied parameter and lac...
CVE-2026-7797
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'appendwheresql' parameter in all versions up to, and including, 1.6.11.8 due to insufficient escaping on the user supplied parameter and lac...
CVE-2026-6455 WP Contact Form 7 DB Handler <= 3.0 - Cross-Site Request Forgery to Arbitrary File Deletion via 'contact_form' Parameter
The WP Contact Form 7 DB Handler plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Deletion via SQL Injection and PHP Object Injection in versions up to and including 3.0. This is due to a missing nonce verification in the processbulkaction function, the...
EUVD-2026-32736
The WP Contact Form 7 DB Handler plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Deletion via SQL Injection and PHP Object Injection in versions up to and including 3.0. This is due to a missing nonce verification in the processbulkaction function, the...
CVE-2026-6455
The WP Contact Form 7 DB Handler plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Deletion via SQL Injection and PHP Object Injection in versions up to and including 3.0. This is due to a missing nonce verification in the processbulkaction function, the...
CVE-2026-6455 WP Contact Form 7 DB Handler <= 3.0 - Cross-Site Request Forgery to Arbitrary File Deletion via 'contact_form' Parameter
The WP Contact Form 7 DB Handler plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Deletion via SQL Injection and PHP Object Injection in versions up to and including 3.0. This is due to a missing nonce verification in the processbulkaction function, the...
PT-2026-44206
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'append where sql' parameter in all versions up to, and including, 1.6.11.8 due to insufficient escaping on the user supplied parameter and...
WordPress plugin Photo Gallery by 10Web SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
Marten SQL注入漏洞
Marten is a PostgreSQL-based .NET documentation database and event storage tool developed by JasperFx. Versions of Marten prior to 8.36.1 contained an SQL injection vulnerability. This vulnerability occurred due to the full-text search API not being parameterized or verifying the regConfig...
Debian dsa-6301 : roundcube - security update
The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6301 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6301-1 [email protected]...
[SECURITY] [DSA 6301-1] roundcube security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6301-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 27, 2026 https://www.debian.org/security/faq -...
CVE-2026-44886
Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. From 2024-06-29 to before 2026-05-07, the web application endpoint is vulnerable to SQL injection. The /pialert/php/server/devices.php route accepts requests from unauthenticated users when the action URL parameter is set to...
CVE-2026-9573
A vulnerability was detected in itsourcecode Student Transcript Processing System 1.0. This affects an unknown part of the file /admin/modules/student/index.php?view=view. Performing a manipulation of the argument studentId results in sql injection. The attack can be initiated remotely. The explo...
WordPress Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin <= 1.8.40 - Authenticated (Contributor+) SQL Injection vulnerability
Authenticated Contributor+ SQL Injection vulnerability discovered by Or Benit - MadSec in WordPress Plugin Photo Gallery by 10Web versions = 1.8.40...
CVE-2026-44886
Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. From 2024-06-29 to before 2026-05-07, the web application endpoint is vulnerable to SQL injection. The /pialert/php/server/devices.php route accepts requests from unauthenticated users when the action URL parameter is set to...
CVE-2026-44886
Pi.Alert’s web interface is vulnerable to unauthenticated blind SQL injection in the /pialert/php/server/devices.php endpoint when action=getDevicesTotals is used and the scansource parameter is injected. From 2024-06-29 until 2026-05-07, unauthenticated users could trigger the vulnerability; the...