3 matches found
CVE-2026-3658
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the 'fields' parameter in all versions up to, and including, 1.6.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...
WordPress Plugin Perfect Survey 1.5.1 SQLi (Unauthenticated)
This module exploits a SQL injection vulnerability in the Perfect Survey plugin for WordPress version 1.5.1. An unauthenticated attacker can exploit the SQLi to retrieve sensitive information such as usernames, emails, and password hashes from the wpusers table. Module Options msf use...
PT-2024-18826 · WordPress · Masterstudy Lms Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress versions up to, and including, 3.2.10 Description: The issue allows unauthenticated attackers to extract sensitive data, including all registered...