303845 matches found
sqlilabs-waf-bypass
SQLi-Labs WAF Bypass Project Target: http://home.ctfst...
CVE-2026-9700
The Eventer plugin for WordPress is vulnerable to time-based SQL Injection via the ‘code’ parameter in all versions up to, and including, 4.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2026-14495
The DoLogin Security plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Randomness in all versions up to, and including, 4.3. The vulnerability exists because dologin\s::rrand seeds the Mersenne Twister with mtsranddouble microtime 1000000 — discarding the integer-second...
CVE-2026-14500
The Bulk Order Update for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 1.6. This is due to the bouwfetchcsvdata AJAX handler being registered on the wpajaxnopriv hook with no capability or nonce check, and passing the attacker-supplied...
CVE-2026-11798
The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'heateormastodonshare' parameter in all versions up to, and including, 7.14.5 due to insufficient input sanitization and output escaping. This...
CVE-2026-14500
The Bulk Order Update for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 1.6. This is due to the bouwfetchcsvdata AJAX handler being registered on the wpajaxnopriv hook with no capability or nonce check, and passing the attacker-supplied...
CVE-2026-14500 Bulk Order Update for WooCommerce <= 1.6 - Unauthenticated Arbitrary File Read via 'csv_url' Parameter
The Bulk Order Update for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 1.6. This is due to the bouwfetchcsvdata AJAX handler being registered on the wpajaxnopriv hook with no capability or nonce check, and passing the attacker-supplied...
CVE-2026-14500
The CVE-2026-14500 entry concerns the Bulk Order Update for WooCommerce plugin for WordPress (
EUVD-2026-42175
The Bulk Order Update for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 1.6. This is due to the bouwfetchcsvdata AJAX handler being registered on the wpajaxnopriv hook with no capability or nonce check, and passing the attacker-supplied...
CVE-2026-14489 WHMCS Bridge <= 6.9 - Unauthenticated Arbitrary File Upload via 'ccce' Parameter
The WHMCS Bridge plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the connect function in all versions up to, and including, 6.9. This makes it possible for authenticated attackers, with Custom-level access and above, to upload arbitrary files on...
CVE-2026-9700
The Eventer plugin for WordPress is vulnerable to time-based SQL Injection via the ‘code’ parameter in all versions up to, and including, 4.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2026-9700
The CVE covers the WordPress Eventer plugin vulnerability up to version 4.4.2, caused by insufficient escaping of the user-supplied code parameter and inadequate SQL query preparation. This enables time-based SQL injection by unauthenticated attackers to append additional SQL to existing queries ...
CVE-2026-9700 Eventer <= 4.4.2 - Unauthenticated SQL Injection via 'code' Parameter
The Eventer plugin for WordPress is vulnerable to time-based SQL Injection via the ‘code’ parameter in all versions up to, and including, 4.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
EUVD-2026-42170
The Eventer plugin for WordPress is vulnerable to time-based SQL Injection via the ‘code’ parameter in all versions up to, and including, 4.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2026-11798
The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'heateormastodonshare' parameter in all versions up to, and including, 7.14.5 due to insufficient input sanitization and output escaping. This...
CVE-2026-14495
The DoLogin Security plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Randomness in all versions up to, and including, 4.3. The vulnerability exists because dologin\s::rrand seeds the Mersenne Twister with mtsranddouble microtime 1000000 — discarding the integer-second...
CVE-2026-11798 Social Share, Social Login and Social Comments Plugin <= 7.14.5 - Reflected Cross-Site Scripting via 'heateor_mastodon_share' Parameter
The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'heateormastodonshare' parameter in all versions up to, and including, 7.14.5 due to insufficient input sanitization and output escaping. This...
CVE-2026-14495 DoLogin Security <= 4.3 - Unauthenticated Authentication Bypass via Insufficient Randomness via 'dologin' Parameter Weak PRNG Token
The DoLogin Security plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Randomness in all versions up to, and including, 4.3. The vulnerability exists because dologin\s::rrand seeds the Mersenne Twister with mtsranddouble microtime 1000000 — discarding the integer-second...
CVE-2026-14495
CVE-2026-14495 affects DoLogin Security for WordPress up to version 4.3. The issue is an authentication bypass caused by insufficient randomness in the dologin token: the PRNG is seeded with mt_srand((double) microtime() * 1000000), discarding the integer-seconds and giving ~10^6 seeds (~20 bits ...
CVE-2026-11798
The CVE concerns the WordPress plugin Social Share, Social Login and Social Comments Plugin – Super Socializer . It is vulnerable to Reflected Cross-Site Scripting via the parameter heateor_mastodon_share in all versions up to and including 7.14.5 , caused by insufficient input sanitization and o...