5 matches found
EUVD-2026-11744
wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through email, activationkey, subscriptiondate, and importedfrom parameters to manipulate...
CVE-2026-22193
wpDiscuz plugin (before version 7.6.47) contains an SQL injection in getAllSubscriptions caused by improper quote escaping for parameters email, activation_key, subscription_date, and imported_from. This allows altering queries and potentially exfiltrating sensitive data. CVSS metrics indicate hi...
CVE-2026-22193 wpDiscuz before 7.6.47 - SQL Injection in getAllSubscriptions()
wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through email, activationkey, subscriptiondate, and importedfrom parameters to manipulate...
CVE-2026-22193
wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through email, activationkey, subscriptiondate, and importedfrom parameters to manipulate...
PT-2026-25139
wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through email, activation key, subscription date, and imported from parameters to manipulat...