341 matches found

Cvelist
added yesterday, 15 views

CVE-2026-57683 WordPress WP Fast Total Search plugin <= 1.80.280 - SQL Injection vulnerability

Unauthenticated SQL Injection in WP Fast Total Search <= 1.80.280 versions...

CVSS 9.3
Exploits: 0, References: 1

Nuclei
added yesterday, 27 views

Ads Pro Plugin <= 4.88 - Unauthenticated SQL Injection

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the 'aid' parameter in all versions up to, and including, 4.88 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...

CVSS 7.5, AI score 7.3, EPSS 0.01579
Exploits: 0, References: 3

Nuclei
added yesterday, 59 views

Relevanssi <= 4.24.4 (Free) - Unauthenticated SQL Injection

The Relevanssi – A Better Search plugin for WordPress is vulnerable to time-based SQL Injection via the cats and tags query parameters in all versions up to, and including, 4.24.4 Free and = 2.27.4 Premium due to insufficient escaping on the user supplied parameter and lack of sufficient...

CVSS 7.5, AI score 7.3, EPSS 0.02626
Exploits: 2, References: 5

Nuclei
added yesterday, 12 views

Youzify < 1.2.0 - Unauthenticated SQLi

The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection id: CVE-2022-1950 info: name: Youzify 1.2.0 - Unauthenticated SQLi author:...

CVSS 9.8, AI score 7.3, EPSS 0.04109
Exploits: 1, References: 1

Nuclei
added yesterday, 162 views

WP Fastest Cache 1.2.2 - SQL Injection

The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. id: CVE-2023-6063 info: name: WP Fastest Cache 1.2.2 - SQL Injection author: DhiyaneshDK...

CVSS 7.5, AI score 7.2, EPSS 0.73708
Exploits: 11, References: 5

Nuclei
added yesterday, 27 views

Slider & Popup Builder by Depicter <= 3.6.1 - Unauthenticated SQL Injection

The Slider & Popup Builder by Depicter plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 3.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes ...

CVSS 7.5, AI score 7.3, EPSS 0.47002
Exploits: 6, References: 5

CVE
added 2 days ago, 12 views

CVE-2026-11823

The CVE-2026-11823 entry concerns the BookingPress Appointment Booking Pro plugin for WordPress, affected up to version 5.7.1. The vulnerability is a SQL Injection via the store_service_date parameter of the bpa_assign_staffmember_to_slots() function. Root cause: user-supplied POST data is passed...

CVSS 7.5, AI score 5.9, EPSS 0.00285
Exploits: 0, References: 2

Patchstack
added 3 days ago, 6 views

WordPress EventON (Pro) - WordPress Virtual Event Calendar Plugin plugin <= 5.0.11 - WordPress Virtual Event Calendar Plugin <= 5.0.11 - Unauthenticated Blind SQL Injection vulnerability

WordPress EventON Pro - WordPress Virtual Event Calendar Plugin plugin <= 5.0.11 - WordPress Virtual Event Calendar Plugin <= 5.0.11 - Unauthenticated Blind SQL Injection vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin EventON versions <= 5.0.11...

CVSS 9.8, AI score 5.8, EPSS 0.00438
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 5 days ago, 8 views

CVE-2026-49048 Joomla Extension - joomcoder.com - Unauthenticated SQL Injection in JoomCCK extension for Joomla < 6.4.1

The Joomla extension JoomCCK exposes a front-end controller task that builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterisation...

CVSS 8.7, AI score 5.8, EPSS 0.00505
Exploits: 1, References: 1

NVD
added last week, 6 views

CVE-2026-56036

Unauthenticated SQL Injection in 워드프레스 결제 심플페이 = 5.5.6 versions...

CVSS 9.3, EPSS 0.00236
Exploits: 0, References: 1

NVD
added last week, 5 views

CVE-2026-54825

Unauthenticated SQL Injection in wpDataTables = 7.4 versions...

CVSS 9.3, EPSS 0.00283
Exploits: 0, References: 1

EUVD
added last week, 6 views

EUVD-2026-39720

Unauthenticated SQL Injection in JetSmartFilters = 3.8.3 versions...

CVSS 9.3, AI score 5.8, EPSS 0.00236
Exploits: 0, References: 1

EUVD
added last week, 4 views

EUVD-2026-39674

Unauthenticated SQL Injection in Real Estate 7 = 3.5.9 versions...

CVSS 9.3, AI score 5.8, EPSS 0.00283
Exploits: 0, References: 1

Cvelist
added 2026/06/25 1:12 p.m., 30 views

CVE-2026-54849 WordPress Premmerce Wishlist for WooCommerce plugin <= 1.1.11 - SQL Injection vulnerability

Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= 1.1.11 versions...

CVSS 9.3, EPSS 0.00229
Exploits: 0, References: 1

Patchstack
added 2026/06/25 8:21 a.m., 6 views

WordPress Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress Plugin plugin <= 2.22.7 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by PRISM in WordPress Plugin Tourfic versions <= 2.22.7...

CVSS 7.5, AI score 6, EPSS 0.00304
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2026/06/19 4:1 p.m., 34 views

CVE-2017-20265 Joomla! Component Flip Wall 8.0 SQL Injection

Joomla! Component Flip Wall 8.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wallid parameter. Attackers can send GET requests to index.php with the option=comflipwall&task=click&wallid...

CVSS 7.1, EPSS 0.00241
Exploits: 0, References: 4

Positive Technologies
added 2026/06/19 12:0 a.m., 15 views

PT-2026-50937

Name of the Vulnerable Software and Affected Versions: Joomla! Component Price Alert version 3.0.2. Description: An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. By sending requests to the 'subscribeajax' view with crafted payloads in the product id parameter,...

CVSS 8.8, AI score 6.2, EPSS 0.00334
Exploits: 0, References: 7

Cvelist
added 2026/06/18 10:21 a.m., 23 views

CVE-2026-54419 PIAF-HMS multiple unauthenticated SQL injection vulnerabilities via mysql_query

claudiopizzillo PIAF-HMS PBX-In-A-Flash Hotel Management System; no released versions, latest commit 389d2633441b65ced1c104212cd62be2bfca21e5 contains multiple unauthenticated SQL injection vulnerabilities. The application has no authentication mechanism and passes user-supplied HTTP parameters...

CVSS 9.8, EPSS 0.00587
Exploits: 0, References: 3

EUVD
added 2026/06/17 6:35 p.m., 8 views

EUVD-2026-37589

Unauthenticated SQL Injection in Blocksy Companion Pro 2.1.29 versions...

CVSS 9.3, AI score 5.7, EPSS 0.00372
Exploits: 0, References: 2

EUVD
added 2026/06/17 6:35 p.m., 9 views

EUVD-2026-37660

Unauthenticated SQL Injection in WPJobster = 6.3.5 versions...

CVSS 9.3, AI score 5.7, EPSS 0.00372
Exploits: 0, References: 2