CVE-2026-4029
The Database Backup for WordPress plugin (WordPress) is affected by unauthorized database export in all versions up to 2.5.2 due to improper enforcement of the authorization check return value. This enables unauthenticated attackers to export database tables, causing Sensitive Information Exposur...
CVE-2021-47941
WordPress Plugin Survey & Poll 1.5.7.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wpsap cookie parameter. Attackers can craft SQL payloads in the cookie to extract sensitive database...
PT-2026-22483
Name of the Vulnerable Software and Affected Versions: wpForo version 2.4.14. Description: The software contains an unauthenticated SQL injection issue in the Topics::get_topics function. The problem stems from ineffective sanitization using esc_sql on unquoted identifiers within the ORDER BY clause...
CVE-2026-2284
The News Element Elementor Blog Magazine plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.8. This is due to a missing capability check and nonce verification on the 'necleandata' AJAX action. This makes it possible for authenticated attackers,...
CVE-2026-22850 Koko Analytics vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import
Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path (pa) and referrer (r) values to the public...
CVE-2025-14168
CVE-2025-14168 concerns the WordPress plugin WP DB Booster. The issue is a Cross-Site Request Forgery (CSRF) vulnerability on the cleanup_all AJAX action, present in versions up to and including 1.0.1. The flaw allows unauthenticated attackers to trigger actions that delete database records such ...
EUVD-2021-34174
Malicious code in bioql PyPI...
PT-2025-34013 · WordPress · Miniorange Custom Api For Wp
Name of the Vulnerable Software and Affected Versions: miniOrange Custom API for WP versions through 4.2.2. Description: The software contains an improper neutralization of special elements used in an SQL command, leading to a SQL injection issue. This allows for SQL injection attacks...
CVE-2024-1501
The Database Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.22. This is due to missing or incorrect nonce validation on the installwpr function. This makes it possible for unauthenticated attackers to install the WP Reset Plugin via ...
WordPress Database Toolset plugin <= 1.8.4 - Unauthenticated Sensitive Information Exposure via Backup Files vulnerability
Unauthenticated Sensitive Information Exposure via Backup Files vulnerability discovered by Guy Shavit in WordPress Plugin Database Toolset versions <= 1.8.4...
CVE-2025-32633 WordPress Database Toolset Plugin <= 1.8.4 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in neoslab Database Toolset (database-toolset) allows Path Traversal. This issue affects Database Toolset: from n/a through <= 1.8.4...
CVE-2024-13910
CVE-2024-13910 affects the WordPress plugin “Database Backup and check Tables Automated With Scheduler 2024” (Database Backup, plugin versions
WordPress Database Backup plugin <= 2.35 - Authenticated (Administrator+) Sensitive Information Exposure vulnerability
Authenticated (Administrator+) Sensitive Information Exposure vulnerability discovered by sterva in WordPress Plugin Database Backup versions <= 2.35...
CVE-2021-4341
The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing security nonce in the stmupdateemaildata AJAX action in versions up to, and including, 1.6.6. This makes it possible for unauthenticated...
CVE-2025-0861 VR-Frases (collect & share quotes) <= 3.0.1 - Authenticated (Admin+) SQL Injection
The VR-Frases collect & share quotes plugin for WordPress is vulnerable to SQL Injection via several parameters in all versions up to, and including, 3.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
CVE-2025-23486 WordPress Database Sync plugin <= 0.5.1 - Sensitive Data Exposure vulnerability
Missing Authorization vulnerability in tamlyn Database Sync (database-sync) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Database Sync: from n/a through <= 0.5.1...
CVE-2023-49167 WordPress Database for CF7 plugin <= 1.2.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in code4life Database for CF7 (database-for-cf7) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Database for CF7: from n/a through <= 1.2.4...
VulnCheck KEV: CVE-2020-36835
The Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to sensitive information disclosure of a WordPress site's database due to missing capability checks on the wpajaxwpvividaddremote AJAX action that allows low-level authenticated attackers to send back-ups to a...
CVE-2022-4162 Contest Gallery < 19.1.5 - Author+ SQL Injection
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgrow POST parameter before concatenating it to an SQL query in 3row-order.php. This may allow malicious users with at least author privilege to leak sensitive information...
WordPress plugin Database Backup Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language; a WordPress plugin is an application plugin for it. A cross-site request forgery vulnerability exists in versions of the WordPress Database Backup plugin prior to 2.5....