234115 matches found
CVE-2026-39512
WordPress GeoDirectory plugin ≤ 2.8.152 contains an Unauthenticated SQL Injection vulnerability. Affects that plugin version, enabling network-based attacks with no authentication; CVSSv3.1 base score 9.3 (CRITICAL) with high confidentiality impact and low availability impact. Connected sources p...
CVE-2026-39511
CVE-2026-39511 affects the WordPress plugin WP Photo Album Plus
CVE-2026-39511 WordPress WP Photo Album Plus plugin <= 9.1.08.001 - SQL Injection vulnerability
Unauthenticated SQL Injection in WP Photo Album Plus = 9.1.08.001 versions...
CVE-2026-39502
This CVE concerns the WordPress plugin Form Maker by 10Web (versions <= 1.15.38). The issue is described as an Unauthenticated SQL Injection vulnerability in Form Maker by 10Web
CVE-2026-39492 WordPress WP Maps plugin <= 4.9.1 - SQL Injection vulnerability
Unauthenticated SQL Injection in WP Maps = 4.9.1 versions...
CVE-2026-39492
The CVE records an unauthenticated SQL Injection in WordPress WP Maps plugin
CVE-2026-39493 WordPress Simply Schedule Appointments plugin <= 1.6.9.27 - SQL Injection vulnerability
Unauthenticated SQL Injection in Simply Schedule Appointments = 1.6.9.27 versions...
CVE-2026-39441
CVE-2026-39441 affects the WordPress plugin Feed KuantoKusta for WooCommerce – Free, version
CVE-2026-24637 WordPress PowerPress Podcasting plugin <= 11.15.10 - SQL Injection vulnerability
Contributor SQL Injection in PowerPress Podcasting = 11.15.10 versions...
CVE-2026-24637
CVE-2026-24637 affects the WordPress PowerPress Podcasting plugin, specifically versions
CVE-2026-48114
Metacat is data repository software that helps researchers preserve, share, and discover data. Versions 2.0.0 and and above contain an unauthenticated SQL injection in the /harvesterRegistration endpoint. HarvesterRegistration.dbInsert builds an INSERT against HARVESTSITESCHEDULE via string...
CVE-2026-38812
RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTable endpoint. The issue affects the code generation module and may allow an authenticated attacker with administrative privileges to access sensitive database information...
CVE-2026-48114 Metacat has an unauthenticated SQL injection vulnerability
Metacat is data repository software that helps researchers preserve, share, and discover data. Versions 2.0.0 and and above contain an unauthenticated SQL injection in the /harvesterRegistration endpoint. HarvesterRegistration.dbInsert builds an INSERT against HARVESTSITESCHEDULE via string...
CVE-2026-48114
Metacat (versions 2.0.0 and later) contains an unauthenticated SQL injection in the /harvesterRegistration endpoint. HarvesterRegistration.dbInsert() builds an INSERT into HARVEST_SITE_SCHEDULE by string concatenation, wrapping literals with quoteString() without escaping. Three inputs (unit, con...
CVE-2019-25746
WordPress Sliced Invoices 3.8.2 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send requests to the admin.php endpoint with action=duplicatequoteinvoice and...
CVE-2016-20073
Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' POST parameter. Attackers can submit crafted SQL statements to the modal.php endpoint to extract...
CVE-2016-20072
BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the uid parameter. Attackers can craft requests to pages using the plugin's shortcode with UNION-based SQL...
CVE-2016-20071
The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through unsanitized user input. Attackers can craft GET requests with SQL injection payloa...
CVE-2016-20068
WordPress Booking Calendar Contact Form version 1.0.23 contains an unauthenticated blind SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send requests to the admin-ajax.php endpoint wit...
WordPress JetEngine plugin <= 3.8.10.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by VanTastic in WordPress Plugin JetEngine versions = 3.8.10.1...