Lucene search
K

72 matches found

NVD
NVD
added last week9 views

CVE-2026-6230

The Tainacan plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geoquery' parameter in all versions up to and including 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

7.5CVSS0.00273EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/08 11:30 a.m.6 views

EUVD-2026-42215

The Tainacan plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geoquery' parameter in all versions up to and including 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

7.5CVSS6AI score0.00273EPSS
Exploits0References2
CVE
CVE
added 2026/07/08 11:30 a.m.13 views

CVE-2026-6230

The CVE-2026-6230 entry concerns the Tainacan WordPress plugin vulnerable to a time-based blind SQL Injection via the REST API parameter 'geoquery' in all versions up to 1.0.3. Root cause is insufficient escaping of the user-supplied parameter and inadequate preparation of the existing SQL query,...

7.5CVSS6AI score0.00273EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/08 11:30 a.m.32 views

CVE-2026-6230 Tainacan <= 1.0.3 - Unauthenticated SQL Injection via 'geoquery' REST API Parameter

The Tainacan plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geoquery' parameter in all versions up to and including 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

7.5CVSS0.00273EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/28 7:21 a.m.16 views

WordPress Tainacan plugin <= 1.0.3 - SQL Injection vulnerability

SQL Injection vulnerability discovered by hhhai in WordPress Plugin Tainacan versions = 1.0.3...

9.3CVSS5.9AI score0.00236EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/05/27 9:49 a.m.37 views

CVE-2026-42740 WordPress Tainacan plugin <= 1.0.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in tainacan Tainacan tainacan allows Blind SQL Injection.This issue affects Tainacan: from n/a through = 1.0.3...

9.3CVSS0.00236EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 9:49 a.m.23 views

CVE-2026-42740

The connected sources confirm a SQL Injection vulnerability in the WordPress Tainacan plugin, affecting version range

9.3CVSS5.8AI score0.00236EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 9:49 a.m.9 views

CVE-2026-42740 WordPress Tainacan plugin <= 1.0.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in tainacan Tainacan tainacan allows Blind SQL Injection.This issue affects Tainacan: from n/a through = 1.0.3...

9.3CVSS5.8AI score0.00236EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.7 views

WordPress Tainacan plugin <= 1.0.1 - Missing Authorization to Unauthenticated Arbitrary Metadata Section Creation vulnerability

Missing Authorization to Unauthenticated Arbitrary Metadata Section Creation vulnerability discovered by Deadbee - NA in WordPress Plugin Tainacan versions = 1.0.1...

5.3CVSS5.9AI score0.00301EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/22 2:35 a.m.4 views

CVE-2025-14043

The Tainacan plugin for WordPress is vulnerable to unauthorized metadata section creation due to missing authorization checks in all versions up to, and including, 1.0.1. This is due to the createitempermissionscheck function unconditionally returning true, which bypasses authentication and...

5.3CVSS6.3AI score0.00301EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/21 3:31 a.m.5 views

EUVD-2025-204652

The Tainacan plugin for WordPress is vulnerable to unauthorized metadata section creation due to missing authorization checks in all versions up to, and including, 1.0.1. This is due to the createitempermissionscheck function unconditionally returning true, which bypasses authentication and...

5.3CVSS5.8AI score0.00301EPSS
Exploits0References4
NVD
NVD
added 2025/12/21 3:15 a.m.5 views

CVE-2025-14043

The Tainacan plugin for WordPress is vulnerable to unauthorized metadata section creation due to missing authorization checks in all versions up to, and including, 1.0.1. This is due to the createitempermissionscheck function unconditionally returning true, which bypasses authentication and...

5.3CVSS0.00301EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/21 2:20 a.m.19 views

CVE-2025-14043 Tainacan <= 1.0.1 - Missing Authorization to Unauthenticated Arbitrary Metadata Section Creation

The Tainacan plugin for WordPress is vulnerable to unauthorized metadata section creation due to missing authorization checks in all versions up to, and including, 1.0.1. This is due to the createitempermissionscheck function unconditionally returning true, which bypasses authentication and...

5.3CVSS0.00301EPSS
Exploits0References3
CVE
CVE
added 2025/12/21 2:20 a.m.22 views

CVE-2025-14043

CVE-2025-14043 affects the WordPress plugin Tainacan . Affected: versions up to and including 1.0.1. Root cause: the REST endpoint’s permissions check in create_item_permissions_check() unconditionally returns true, bypassing authentication/authorization validation. Impact: unauthenticated attack...

5.3CVSS5.9AI score0.00301EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/21 12:0 a.m.4 views

WordPress plugin Tainacan 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

5.3CVSS6.5AI score0.00301EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/21 12:0 a.m.6 views

PT-2025-52573

Name of the Vulnerable Software and Affected Versions Tainacan plugin for WordPress versions up to and including 1.0.1 Description The Tainacan plugin for WordPress has a flaw where unauthorized metadata sections can be created. This is because the create item permissions check function always...

5.3CVSS6.8AI score0.00301EPSS
Exploits0References8
Patchstack
Patchstack
added 2025/11/24 8:20 a.m.7 views

WordPress Tainacan plugin <= 1.0.0 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Peb - NA in WordPress Plugin Tainacan versions = 1.0.0...

6.1CVSS6.4AI score0.00224EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/22 8:35 a.m.8 views

CVE-2025-12746

The Tainacan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...

6.1CVSS5.6AI score0.00224EPSS
Exploits0References1
NVD
NVD
added 2025/11/21 5:15 p.m.4 views

CVE-2025-12747

The Tainacan plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.0 via uploaded files marked as private being exposed in wp-content without adequate protection. This makes it possible for unauthenticated attackers to extract potentially sensitive...

5.3CVSS0.00262EPSS
Exploits0References3
CVE
CVE
added 2025/11/21 4:28 p.m.18 views

CVE-2025-12747

The CVE-2025-12747 entry describes an information exposure in the WordPress Tainacan plugin up to version 1.0.0, where private-uploaded files are exposed in wp-content and readable by unauthenticated users. Connected sources confirm the issue and indicate a fix was introduced (e.g., GitHub diff 1...

5.3CVSS5.5AI score0.00262EPSS
Exploits0References3
Rows per page
Query Builder