216631 matches found
CVE-2026-4087
The Pre Party Resource Hints plugin for WordPress is vulnerable to SQL Injection via the 'hintids' parameter of the pprhupdatehints AJAX action in all versions up to, and including, 1.8.20. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...
CVE-2026-4087
CVE-2026-4087 affects the Pre* Party Resource Hints plugin for WordPress. The vulnerability is an SQL Injection via the hint_ids parameter in the pprh_update_hints AJAX action, present in all versions up to and including 1.8.20 . It results from insufficient escaping of user input and lack of pro...
CVE-2026-2468 Quentn WP <= 1.2.12 - Unauthenticated SQL Injection via 'qntn_wp_access' Cookie
The Quentn WP plugin for WordPress is vulnerable to SQL Injection via the 'qntnwpaccess' cookie in all versions up to, and including, 1.2.12. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the getuseraccess metho...
CVE-2026-2468
The Quentn WP plugin for WordPress is vulnerable to SQL Injection via the 'qntnwpaccess' cookie in all versions up to, and including, 1.2.12. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the getuseraccess metho...
CVE-2026-1800 Fonts Manager | Custom Fonts <= 1.2 - Unauthenticated SQL Injection via fmcfIdSelectedFnt parameter
The Fonts Manager | Custom Fonts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘fmcfIdSelectedFnt’ parameter in all versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
CVE-2026-1800 Fonts Manager | Custom Fonts <= 1.2 - Unauthenticated SQL Injection via fmcfIdSelectedFnt parameter
The Fonts Manager | Custom Fonts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘fmcfIdSelectedFnt’ parameter in all versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
CVE-2026-1800
The Fonts Manager | Custom Fonts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘fmcfIdSelectedFnt’ parameter in all versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
CVE-2026-1800
The CVE-2026-1800 entry concerns The Fonts Manager | Custom Fonts plugin for WordPress. A time-based SQL Injection affects all versions up to 1.2 via the fmcfIdSelectedFnt parameter, caused by insufficient escaping of user input and lack of proper SQL query preparation. This allows unauthenticate...
CVE-2026-3334
The CMS Commander plugin for WordPress is vulnerable to SQL Injection via the 'orblogname', 'orblogdescription', and 'oradminemail' parameters in all versions up to, and including, 2.288. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on th...
CVE-2026-3334 CMS Commander <= 2.288 - Authenticated (Custom+) SQL Injection via 'or_blogname' Parameter
The CMS Commander plugin for WordPress is vulnerable to SQL Injection via the 'orblogname', 'orblogdescription', and 'oradminemail' parameters in all versions up to, and including, 2.288. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on th...
CVE-2026-3334 CMS Commander <= 2.288 - Authenticated (Custom+) SQL Injection via 'or_blogname' Parameter
The CMS Commander plugin for WordPress is vulnerable to SQL Injection via the 'orblogname', 'orblogdescription', and 'oradminemail' parameters in all versions up to, and including, 2.288. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on th...
CVE-2026-3334
The CVE-2026-3334 entry concerns the WordPress CMS Commander plugin. Affected software: CMS Commander plugin for WordPress (up to version 2.288). Vulnerability: SQL Injection via the parameters or_blogname, or_blogdescription, and or_admin_email, caused by insufficient escaping of user input and ...
CVE-2026-2279 myLinksDump <= 1.6 - Authenticated (Administrator+) SQL Injection via 'sort_by' and 'sort_order' Parameters
The myLinksDump plugin for WordPress is vulnerable to SQL Injection via the 'sortby' and 'sortorder' parameters in all versions up to, and including, 1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...
CVE-2026-2279
The CVE concerns the WordPress plugin myLinksDump (WordPress plugin; vulnerable component: SQL construction in myLinksDump.php). Affected versions: all versions up to and including 1.6. Root cause: insufficient escaping of user-supplied parameters and lack of proper preparation of the existing SQ...
CVE-2026-2279 myLinksDump <= 1.6 - Authenticated (Administrator+) SQL Injection via 'sort_by' and 'sort_order' Parameters
The myLinksDump plugin for WordPress is vulnerable to SQL Injection via the 'sortby' and 'sortorder' parameters in all versions up to, and including, 1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...
CVE-2026-2279
The myLinksDump plugin for WordPress is vulnerable to SQL Injection via the 'sortby' and 'sortorder' parameters in all versions up to, and including, 1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...
EUVD-2026-13833
A vulnerability was determined in Mindinventory MindSQL up to 0.2.1. The affected element is the function askdb of the file mindsql/core/mindsqlcore.py. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be...
PT-2026-26815
The Fonts Manager | Custom Fonts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘fmcfIdSelectedFnt’ parameter in all versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
WordPress plugin CMS Commander SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...
Green CMS SQL注入漏洞
Green CMS is a content management system developed by Green CMS Inc. The Green CMS 2.x version has a SQL injection vulnerability. This vulnerability stems from the cat parameter, which allows for SQL injections. As a result, authenticated attackers could execute arbitrary SQL queries...