25 matches found

CNNVD
added 2026/05/27 12:0 a.m., 10 views

WordPress plugin EnvíaloSimple: Email Marketing y Newsletters SQL injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

4.9 CVSS, 5.9 AI score, 0.00294 EPSS
Exploits: 0, References: 7

Cvelist
added 2026/04/17 3:36 a.m., 27 views

CVE-2026-3330 Form Maker by 10Web <= 1.15.40 - Authenticated (Administrator+) SQL Injection via 'ip_search' Parameter

The Form Maker by 10Web plugin for WordPress is vulnerable to SQL Injection via the 'ipsearch', 'startdate', 'enddate', 'usernamesearch', and 'useremailsearch' parameters in all versions up to, and including, 1.15.40. This is due to the WDWFMLibrary::validatedata method calling stripslashes on us...

4.9 CVSS, 0.00428 EPSS
Exploits: 0, References: 8

Veracode
added 2026/04/04 5:32 a.m., 5 views

SQL Injection

alerta-server is vulnerable to SQL Injection. The vulnerability is due to direct interpolation of user-supplied query parameters into SQL statements without sanitization, which allows an attacker to inject and execute arbitrary SQL queries...

9.8 CVSS, 6.1 AI score, 0.00505 EPSS
Exploits: 0, References: 6, Affected Software: 1

SUSE CVE
added 2026/03/25 12:25 a.m., 3 views

SUSE CVE-2026-30860

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a remote code execution (RCE) vulnerability exists in the application's database query functionality. The validation system fails to recursively inspect child nodes within...

9.9 CVSS, 6.6 AI score, 0.00539 EPSS
Exploits: 1, References: 3

OSV
added 2026/03/09 7:51 p.m., 3 views

GHSA-X46R-MF5G-XPR6 Glances has SQL Injection via Process Names in TimescaleDB Export

Summary: The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single quotes, making SQL injection trivial via attacker-controlled data such as...

8.6 CVSS, 5.9 AI score, 0.00364 EPSS
Exploits: 1, References: 5

Veracode
added 2026/01/21 9:42 a.m., 7 views

SQL Injection

Parsl is vulnerable to SQL Injection. The vulnerability is due to unsafe construction of SQL queries using user-supplied URL parameters without proper sanitization, which allows an unauthenticated attacker to inject arbitrary SQL commands and potentially exfiltrate data or cause a denial of servic...

7.3 CVSS, 6 AI score, 0.00235 EPSS
Exploits: 1, References: 4, Affected Software: 1

CNNVD
added 2025/11/06 12:0 a.m., 4 views

WordPress plugin Easy Email Subscription SQL injection vulnerability

WordPress Easy Email Subscription plugin is a plugin for adding email subscription functionality to your WordPress website. WordPress Easy Email Subscription plugin suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements...

4.9 CVSS, 7.9 AI score, 0.00247 EPSS
Exploits: 0, References: 2

CNNVD
added 2025/10/26 12:0 a.m., 2 views

WordPress plugin Product Filter by WBW SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin.... A SQL injection...

7.5 CVSS, 7.5 AI score, 0.00353 EPSS
Exploits: 0, References: 5

CNNVD
added 2025/10/25 12:0 a.m., 2 views

WordPress plugin RapidResult SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A SQL injectio...

6.5 CVSS, 7.6 AI score, 0.00271 EPSS
Exploits: 0, References: 3

CNVD
added 2025/10/21 12:0 a.m., 4 views

WordPress Rich Snippet Site Report plugin SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. WordPress Rich Snippet Site Report plugin suffers from a SQL injection vulnerability that stems from insufficient cleanup and escaping of user-supplied parameter last and...

4.9 CVSS, 8.2 AI score, 0.00326 EPSS
Exploits: 0, References: 1

NVD
added 2025/10/16 4:15 p.m., 3 views

CVE-2024-56143

Strapi is an open-source headless content management system. In versions from 5.0.0 to before 5.5.2, the lookup operator provided by the document service does not properly sanitize query parameters for private fields. An attacker can access private fields, including admin passwords and reset...

8.2 CVSS, 0.00383 EPSS
Exploits: 1, References: 2

CNNVD
added 2025/10/15 12:0 a.m., 4 views

WordPress plugin WP Dashboard Chat SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A SQL injecti...

6.5 CVSS, 7.8 AI score, 0.00271 EPSS
Exploits: 0, References: 4

CNNVD
added 2025/10/15 12:0 a.m., 2 views

WordPress plugin onOffice for WP-Websites SQL injection vulnerability

WordPress onOffice for WP-Websites plugin is a WordPress plugin developed by onOfficeGmbH that is mainly used to integrate listings, addresses or forms from real estate management software such as onOffice into a WordPress website, supports shortcode flexible design and allows for Generate...

4.9 CVSS, 7.9 AI score, 0.00337 EPSS
Exploits: 0, References: 3

CNNVD
added 2025/10/11 12:0 a.m., 1 view

WordPress plugin Custom 404 Pro SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A SQL injectio...

4.9 CVSS, 7.6 AI score, 0.0027 EPSS
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-28389

Malicious code in bioql PyPI...

9.8 CVSS, 6.6 AI score, 0.00381 EPSS
Exploits: 0, References: 1

CNNVD
added 2025/09/11 12:0 a.m., 8 views

WordPress plugin CatFolders SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...

6.5 CVSS, 7.5 AI score, 0.00347 EPSS
Exploits: 2, References: 3

CVE
added 2025/08/22 12:0 a.m., 21 views

CVE-2025-51092

The CVE-2025-51092 entry concerns the LogIn-SignUp project by VishnuSivadasVS. The underlying issue is SQL Injection due to unsafe SQL query construction in DataBase.php: logIn() and signUp() concatenate user input and unvalidated table names instead of using prepared statements. Although a prepa...

9.8 CVSS, 8.3 AI score, 0.00381 EPSS
Exploits: 0, References: 1, Affected Software: 1

BDU FSTEC
added 2024/09/13 12:0 a.m., 4 views

The vulnerability of the application programming interface of the Cisco Identity Services Engine (ISE) management platform allows a perpetrator to gain unauthorized access to and modify protected information.

The vulnerability of the application programming interface of the Cisco Identity Services Engine (ISE) management platform relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability may allow a malicious actor, operating remotely, to gain unauthorized acce...

8.5 CVSS, 5.6 AI score, 0.00498 EPSS
Exploits: 0, References: 3

BDU FSTEC
added 2024/09/02 12:0 a.m., 5 views

The vulnerability in the AVEVA (Wonderware) Historian web server’s data archiving mechanism involves a lack of protection for the SQL query structure, allowing attackers to execute arbitrary code.

The vulnerability of AVEVA Wonderware Historian’s data archiving server is related to the lack of security measures for handling SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary code, provided that the user specifically visits a specially crafted U...

9.4 CVSS, 6 AI score, 0.00423 EPSS
Exploits: 0, References: 4

BDU FSTEC
added 2024/08/21 12:0 a.m., 7 views

The vulnerability of the Netcat module in CMS systems allows attackers to gain unauthorized access to protected information.

The vulnerability of the messaging module in the CMS system Netcat is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to the protected information from the database...

9.1 CVSS, 5.6 AI score
Exploits: 0, References: 1, Affected Software: 1