216677 matches found
CVE-2026-2468
The Quentn WP plugin for WordPress is vulnerable to SQL Injection via the 'qntnwpaccess' cookie in all versions up to, and including, 1.2.12. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the getuseraccess metho...
CVE-2026-1800 Fonts Manager | Custom Fonts <= 1.2 - Unauthenticated SQL Injection via fmcfIdSelectedFnt parameter
The Fonts Manager | Custom Fonts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘fmcfIdSelectedFnt’ parameter in all versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
CVE-2026-1800
The Fonts Manager | Custom Fonts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘fmcfIdSelectedFnt’ parameter in all versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
CVE-2026-1800
The CVE-2026-1800 entry concerns the Fonts Manager | Custom Fonts plugin for WordPress. A time-based SQL Injection affects all versions up to 1.2 via the fmcfIdSelectedFnt parameter, caused by insufficient escaping of user input and lack of proper SQL query preparation. This allows unauthenticate...
CVE-2026-3334
The CMS Commander plugin for WordPress is vulnerable to SQL Injection via the 'or_blogname', 'or_blogdescription', and 'or_admin_email' parameters in all versions up to, and including, 2.288. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on th...
CVE-2026-3334 CMS Commander <= 2.288 - Authenticated (Custom+) SQL Injection via 'or_blogname' Parameter
The CMS Commander plugin for WordPress is vulnerable to SQL Injection via the 'or_blogname', 'or_blogdescription', and 'or_admin_email' parameters in all versions up to, and including, 2.288. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on th...
CVE-2026-3334
The CVE-2026-3334 entry concerns the WordPress CMS Commander plugin. Affected software: CMS Commander plugin for WordPress (up to version 2.288). Vulnerability: SQL Injection via the parameters or_blogname, or_blogdescription, and or_admin_email, caused by insufficient escaping of user input and ...
CVE-2026-2279 myLinksDump <= 1.6 - Authenticated (Administrator+) SQL Injection via 'sort_by' and 'sort_order' Parameters
The myLinksDump plugin for WordPress is vulnerable to SQL Injection via the 'sort_by' and 'sort_order' parameters in all versions up to, and including, 1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...
CVE-2026-2279
The CVE concerns the WordPress plugin myLinksDump (WordPress plugin; vulnerable component: SQL construction in myLinksDump.php). Affected versions: all versions up to and including 1.6. Root cause: insufficient escaping of user-supplied parameters and lack of proper preparation of the existing SQ...
CVE-2026-2279
The myLinksDump plugin for WordPress is vulnerable to SQL Injection via the 'sort_by' and 'sort_order' parameters in all versions up to, and including, 1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...
EUVD-2026-13833
A vulnerability was determined in Mindinventory MindSQL up to 0.2.1. The affected element is the function askdb of the file mindsql/core/mindsqlcore.py. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be...
PT-2026-26815
The Fonts Manager | Custom Fonts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘fmcfIdSelectedFnt’ parameter in all versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
Green CMS SQL injection vulnerability
Green CMS is a content management system developed by Green CMS Inc. The Green CMS 2.x version has a SQL injection vulnerability. This vulnerability stems from the cat parameter, which allows for SQL injections. As a result, authenticated attackers could execute arbitrary SQL queries...
PT-2026-26928
ownDMS 4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the IMG parameter. Attackers can send GET requests to pdfstream.php, imagestream.php, or anyfilestream.php with crafted SQL payloads in the...
PT-2026-26929
i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the objGroupID parameter. Attackers can send GET requests with crafted SQL payloads in the objGroupID parameter to extract sensitive...
WordPress plugin Quentn WP SQL injection vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPress...
Kepler Wallpaper Script SQL injection vulnerability
Kepler Wallpaper Script is a desktop wallpaper generation script developed by Kepler Wallpaper Inc. Version 1.1 of Kepler Wallpaper Script contains an SQL injection vulnerability. This vulnerability stems from the category parameter, which allows for SQL injections, potentially enabling...