Lucene search
+L

587 matches found

VulnCheck KEV
VulnCheck KEV
added 2026/06/10 12:0 a.m.12 views

VulnCheck KEV: CVE-2026-3018

The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpmlsubscriberid’ parameter in all versions up to, and including, 4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

7.5CVSS5.8AI score0.01382EPSS
In wildExploits0References2
CVE
CVE
added 2026/06/09 11:48 a.m.21 views

CVE-2017-20243

CVE-2017-20243 concerns the WordPress Car Park Booking Plugin. The initial report states a time-based SQL injection vulnerability in the plugin (version cited as of 17 Oct 2017) that allows unauthenticated attackers to manipulate database queries via the space_id parameter. By sending crafted GET...

8.8CVSS5.7AI score0.00262EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.21 views

PT-2026-47766

WordPress Car Park Booking Plugin version 13 October 17 contains a time-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the space id parameter. Attackers can send GET requests to the booking-page endpoint with...

8.8CVSS5.7AI score0.00262EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/07 8:59 a.m.17 views

CVE-2026-9829

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based SQL Injection via 'compactalbumorderby' Shortcode Parameter in all versions up to, and including, 1.8.41 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS5.8AI score0.00325EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/07 12:43 a.m.19 views

CVE-2026-6448

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' parameter in all versions up to, and including, 11.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...

4.9CVSS5.7AI score0.00352EPSS
Exploits0References1
NVD
NVD
added 2026/06/06 5:16 a.m.16 views

CVE-2026-9829

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based SQL Injection via 'compactalbumorderby' Shortcode Parameter in all versions up to, and including, 1.8.41 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS0.00325EPSS
Exploits0References12
CVE
CVE
added 2026/06/06 4:28 a.m.41 views

CVE-2026-9829

CVE-2026-9829 affects the WordPress plugin Photo Gallery by 10Web – Mobile-Friendly Image Gallery up to version 1.8.41. The flaw is a time-based SQL Injection in the compact_album_order_by shortcode parameter caused by insufficient escaping and lack of parameterized queries. Exploitation requires...

6.5CVSS5.8AI score0.00325EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/06 12:0 a.m.25 views

PT-2026-47144

Name of the Vulnerable Software and Affected Versions The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress versions prior to 1.8.42 Description Insufficient escaping of user-supplied parameters and lack of proper preparation of SQL queries allow authenticated attackers...

6.5CVSS5.6AI score0.00325EPSS
Exploits0References16
RedhatCVE
RedhatCVE
added 2026/06/05 7:41 p.m.13 views

CVE-2025-65135

In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin/between-date-reprtsdetails.php through the fromdate POST parameter...

9.8CVSS5.6AI score0.00285EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.10 views

CVE-2026-7046

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'table' parameter in all versions up to, and including, 9.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

4.9CVSS5.7AI score0.00355EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 2:16 p.m.15 views

CVE-2019-25745

WordPress Plugin Google Review Slider 6.1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'tid' parameter. Attackers can send GET requests to the admin interface with malicious 'tid'...

8.8CVSS0.00262EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/04 1:22 p.m.39 views

CVE-2019-25745 WordPress Plugin Google Review Slider 6.1 SQL Injection via tid

WordPress Plugin Google Review Slider 6.1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'tid' parameter. Attackers can send GET requests to the admin interface with malicious 'tid'...

8.8CVSS0.00262EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/04 1:22 p.m.16 views

EUVD-2019-20181

WordPress Plugin Google Review Slider 6.1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'tid' parameter. Attackers can send GET requests to the admin interface with malicious 'tid'...

8.8CVSS5.9AI score0.00262EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/04 1:22 p.m.8 views

CVE-2019-25745

WordPress Plugin Google Review Slider 6.1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'tid' parameter. Attackers can send GET requests to the admin interface with malicious 'tid'...

8.8CVSS5.9AI score0.00262EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/04 1:22 p.m.11 views

CVE-2019-25745 WordPress Plugin Google Review Slider 6.1 SQL Injection via tid

WordPress Plugin Google Review Slider 6.1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'tid' parameter. Attackers can send GET requests to the admin interface with malicious 'tid'...

8.8CVSS5.9AI score0.00262EPSS
Exploits0References3
CVE
CVE
added 2026/06/04 1:22 p.m.26 views

CVE-2019-25745

CVE-2019-25745 affects WordPress Plugin Google Review Slider 6.1. The vulnerability is a time-based blind SQL injection in the tid parameter, exploitable via GET requests to the plugin’s admin interface by unauthenticated attackers to manipulate queries and potentially extract data. According to ...

8.8CVSS5.9AI score0.00262EPSS
Exploits0References3
NVD
NVD
added 2026/05/28 9:16 a.m.26 views

CVE-2026-7048

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.8.40 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation o...

6.5CVSS0.00504EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/05/28 7:43 a.m.12 views

CVE-2026-7048 Photo Gallery by 10Web <= 1.8.40 - Authenticated (Contributor+) SQL Injection via 'order_by' Shortcode Attribute

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.8.40 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation o...

6.5CVSS5.9AI score0.00504EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/05/28 7:43 a.m.16 views

CVE-2026-7048

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.8.40 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation o...

6.5CVSS5.9AI score0.00504EPSS
Exploits0References11
CVE
CVE
added 2026/05/28 7:43 a.m.41 views

CVE-2026-7048

The CVE-2026-7048 entry concerns the WordPress plugin Photo Gallery by 10Web – Mobile-Friendly Image Gallery. A time-based blind SQL Injection exists via the order_by parameter in all versions up to and including 1.8.40, caused by insufficient escaping and incomplete SQL query preparation. Authen...

6.5CVSS5.9AI score0.00504EPSS
Exploits0References10
Rows per page
Query Builder