WordPress Booking for Appointments and Events Calendar – Amelia plugin <= 1.2.35 - Unauthenticated SQL Injection via search vulnerability
Unauthenticated SQL Injection via search vulnerability discovered by YCInfosec in WordPress Plugin Amelia versions <= 1.2.35...
CVE-2025-12482
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to SQL Injection via the ‘search’ parameter in all versions up to, and including, 1.2.35 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2025-12482 Booking for Appointments and Events Calendar – Amelia <= 1.2.35 - Unauthenticated SQL Injection via search
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to SQL Injection via the ‘search’ parameter in all versions up to, and including, 1.2.35 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2025-12482
CVE-2025-12482 affects the Booking for Appointments and Events Calendar – Amelia plugin for WordPress. The vulnerability is an unauthenticated SQL Injection via the search parameter in versions up to and including 1.2.35, caused by insufficient escaping and inadequate query preparation, enabling ...
PT-2025-47071
Name of the Vulnerable Software and Affected Versions: Amelia plugin for WordPress versions up to and including 1.2.35. Description: The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is susceptible to SQL Injection due to insufficient input validation and query...
WordPress WP Custom Fields Search plugin <= 1.2.35 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpcfs-preset Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via wpcfs-preset Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin WP Custom Fields Search versions <= 1.2.35...
WordPress plugin WP Custom Fields Search cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
Asterisk IAX2 Call Number Exhaustion DOS Vulnerability (AST-2009-006)
Asterisk is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:digium:asterisk";...
libpng: Multiple vulnerabilities
Background: libpng is the official PNG reference library used to read, write and manipulate PNG images. Description: Multiple vulnerabilities were discovered in libpng: A memory leak bug was reported in png_handle_tEXt(), a function that is used while reading PNG images (CVE-2008-6218). A memory overwrit...