72 matches found
CVE-2026-6230
The Tainacan plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geoquery' parameter in all versions up to and including 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...
EUVD-2026-42215
The Tainacan plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geoquery' parameter in all versions up to and including 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...
CVE-2026-6230
The CVE-2026-6230 entry concerns the Tainacan WordPress plugin vulnerable to a time-based blind SQL Injection via the REST API parameter 'geoquery' in all versions up to 1.0.3. Root cause is insufficient escaping of the user-supplied parameter and inadequate preparation of the existing SQL query,...
CVE-2026-6230 Tainacan <= 1.0.3 - Unauthenticated SQL Injection via 'geoquery' REST API Parameter
The Tainacan plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geoquery' parameter in all versions up to and including 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...
WordPress Tainacan plugin <= 1.0.3 - SQL Injection vulnerability
SQL Injection vulnerability discovered by hhhai in WordPress Plugin Tainacan versions = 1.0.3...
CVE-2026-42740 WordPress Tainacan plugin <= 1.0.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in tainacan Tainacan tainacan allows Blind SQL Injection.This issue affects Tainacan: from n/a through = 1.0.3...
CVE-2026-42740
The connected sources confirm a SQL Injection vulnerability in the WordPress Tainacan plugin, affecting version range
CVE-2026-42740 WordPress Tainacan plugin <= 1.0.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in tainacan Tainacan tainacan allows Blind SQL Injection.This issue affects Tainacan: from n/a through = 1.0.3...
WordPress Tainacan plugin <= 1.0.1 - Missing Authorization to Unauthenticated Arbitrary Metadata Section Creation vulnerability
Missing Authorization to Unauthenticated Arbitrary Metadata Section Creation vulnerability discovered by Deadbee - NA in WordPress Plugin Tainacan versions = 1.0.1...
CVE-2025-14043
The Tainacan plugin for WordPress is vulnerable to unauthorized metadata section creation due to missing authorization checks in all versions up to, and including, 1.0.1. This is due to the createitempermissionscheck function unconditionally returning true, which bypasses authentication and...
EUVD-2025-204652
The Tainacan plugin for WordPress is vulnerable to unauthorized metadata section creation due to missing authorization checks in all versions up to, and including, 1.0.1. This is due to the createitempermissionscheck function unconditionally returning true, which bypasses authentication and...
CVE-2025-14043
The Tainacan plugin for WordPress is vulnerable to unauthorized metadata section creation due to missing authorization checks in all versions up to, and including, 1.0.1. This is due to the createitempermissionscheck function unconditionally returning true, which bypasses authentication and...
CVE-2025-14043 Tainacan <= 1.0.1 - Missing Authorization to Unauthenticated Arbitrary Metadata Section Creation
The Tainacan plugin for WordPress is vulnerable to unauthorized metadata section creation due to missing authorization checks in all versions up to, and including, 1.0.1. This is due to the createitempermissionscheck function unconditionally returning true, which bypasses authentication and...
CVE-2025-14043
CVE-2025-14043 affects the WordPress plugin Tainacan . Affected: versions up to and including 1.0.1. Root cause: the REST endpoint’s permissions check in create_item_permissions_check() unconditionally returns true, bypassing authentication/authorization validation. Impact: unauthenticated attack...
WordPress plugin Tainacan 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
PT-2025-52573
Name of the Vulnerable Software and Affected Versions Tainacan plugin for WordPress versions up to and including 1.0.1 Description The Tainacan plugin for WordPress has a flaw where unauthorized metadata sections can be created. This is because the create item permissions check function always...
WordPress Tainacan plugin <= 1.0.0 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Peb - NA in WordPress Plugin Tainacan versions = 1.0.0...
CVE-2025-12746
The Tainacan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...
CVE-2025-12747
The Tainacan plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.0 via uploaded files marked as private being exposed in wp-content without adequate protection. This makes it possible for unauthenticated attackers to extract potentially sensitive...
CVE-2025-12747
The CVE-2025-12747 entry describes an information exposure in the WordPress Tainacan plugin up to version 1.0.0, where private-uploaded files are exposed in wp-content and readable by unauthenticated users. Connected sources confirm the issue and indicate a fix was introduced (e.g., GitHub diff 1...