Lucene search

88 matches found

Patchstack
added 2025/03/31 4:32 p.m. | 6 views

WordPress WP AutoKeyword plugin <= 1.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Tran Nguyen Bao Khanh (VCI - VNPT) in WordPress Plugin WP AutoKeyword versions <= 1.0...

CVSS: 9.3 | AI score: 9.6 | EPSS: 0.00148
Exploits: 0 | Affected Software: 1

RedhatCVE
added 2025/02/04 10:29 p.m. | 7 views

CVE-2024-8624

The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'metakey' attribute of the 'mdfselecttitle' shortcode in all versions up to, and including, 1.3.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation...

CVSS: 9.9 | AI score: 7.2 | EPSS: 0.00746
Exploits: 0 | References: 1

Vulnrichment
added 2025/01/24 7:4 a.m. | 7 views

CVE-2024-13680 Form Builder CP <= 1.2.41 - Authenticated (Contributor+) SQL Injection

The Form Builder CP plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'CPEASYFORMWILLAPPEARHERE' shortcode in all versions up to, and including, 1.2.41 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...

CVSS: 6.5 | AI score: 7.2 | EPSS: 0.00226
Exploits: 0 | References: 3

Cvelist
added 2024/10/31 9:30 p.m. | 17 views

CVE-2024-6479 SIP Reviews Shortcode for WooCommerce <= 1.2.3 - Authenticated (Contributor+) SQL Injection

The SIP Reviews Shortcode for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'noofreviews' attribute in the woocommercereviews shortcode in all versions up to, and including, 1.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient...

CVSS: 6.5 | EPSS: 0.00521
Exploits: 0 | References: 4

NVD
added 2024/03/13 4:15 p.m. | 7 views

CVE-2024-1793

The AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth plugin for WordPress is vulnerable to SQL Injection via the 'postid' parameter in all versions up to, and including, 7.3.14 due to insufficient escaping on the user supplied parameter an...

CVSS: 7.2 | AI score: 7 | EPSS: 0.00642
Exploits: 0 | References: 6

Vulnrichment
added 2024/01/08 4:48 p.m. | 2 views

CVE-2024-21747 WordPress WP ERP Plugin <= 1.12.8 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in weDevs WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting. This issue affects WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CR...

CVSS: 7.6 | AI score: 6.6 | EPSS: 0.00283
Exploits: 0 | References: 1

Cvelist
added 2021/10/25 1:20 p.m. | 15 views

CVE-2021-24662 Game Server Status <= 1.0 - Admin+ SQL Injection

The Game Server Status WordPress plugin through 1.0 does not validate or escape the serverid parameter before using it in a SQL statement, leading to an Authenticated SQL Injection in an admin page...

AI score: 7.7 | EPSS: 0.00972
Exploits: 2 | References: 1

exploitpack
added 2008/02/15 12:0 a.m. | 19 views

WordPress Plugin Simple Forum 1.10 1.11 - SQL Injection

WordPress Plugin Simple Forum 1.10 1.11 - SQL Injection Simple Forum Version 1.10-1.11 SQL Injection AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 MAİL : [email protected] Simple Forum - Version 1.10 Simple Forum - Version 1.10 - 2.1.3 Simple Forum - Version 1.11...

AI score: 0.5
Exploits: 0