24 matches found
CVE-2026-3523
The Apocalypse Meow plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 22.1.0. This is due to a flawed logical operator in the type validation check on line 261 of ajax.php — the condition uses && AND instead of || OR, causing the...
EUVD-2017-9687
Malware in sbrugna...
EUVD-2015-9300
Malware in sbrugna...
CVE-2025-9172
The CVE-2025-9172 entry concerns the WordPress plugin Vibes (
CVE-2025-48161 WordPress YaySMTP plugin <= 1.3 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YayCommerce YaySMTP smtp-sendinblue allows SQL Injection. This issue affects YaySMTP: from n/a through <= 1.3...
CVE-2025-52822 WordPress WP Roadmap plugin <= 2.1.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Iqonic Design WP Roadmap wp-roadmap allows SQL Injection. This issue affects WP Roadmap: from n/a through <= 2.1.3...
CVE-2015-10111
A vulnerability was found in Watu Quiz Plugin up to 2.6.7 on WordPress. It has been rated as critical. This issue affects the function watuexams of the file controllers/exam.php of the component Exam Handler. The manipulation of the argument quiz leads to SQL injection. The attack may be initiate...
CVE-2024-51601 WordPress Website price calculator plugin <= 4.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Maksym Marko Website price calculator price-calculator-to-your-website allows SQL Injection. This issue affects Website price calculator: from n/a through <= 4.1...
CVE-2024-25928 WordPress Sitepact's Contact Form 7 Extension For Klaviyo Plugin <= 1.0.5 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Sitepact. This issue affects Sitepact: from n/a through 1.0.5...
Who Hit The Page – Hit Counter <= 1.4.14.3 - Authenticated (Administrator+) SQL Injection
Description: The Who Hit The Page – Hit Counter plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4.14.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2023-3197
The MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the 'id' parameter in versions up to, and including, 4.0.1 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This makes it possible...
WP Custom Cursors < 3.2 - Admin+ SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin. 1. Add a new "WP Custom Cursor". 2. Return to the "WP Custom Cursors" page and click edit Cursor. 3. The WP Custom Cursors...
CVE-2015-10100 Dynamic Widgets Plugin dynwid_class.php sql injection
A vulnerability, which was classified as critical, has been found in Dynamic Widgets Plugin up to 1.5.10 on WordPress. This issue affects some unknown processing of the file classes/dynwid_class.php. The manipulation leads to SQL injection. The attack may be initiated remotely. Upgrading to versio...
PT-2023-14760 · WordPress · Learnpress
Name of the Vulnerable Software and Affected Versions: LearnPress – WordPress LMS Plugin versions prior to 4.1.7.3.2 Description: The issue is related to a SQL Injection vulnerability. Recommendations: For LearnPress – WordPress LMS Plugin versions prior to 4.1.7.3.2, update to a version newer th...
CVE-2022-0592
The MapSVG WordPress plugin before 6.2.20 does not validate and escape a parameter via a REST endpoint before using it in a SQL statement, leading to a SQL Injection exploitable by unauthenticated users...
CVE-2025-47608
creationtimestamp | type | source
---|---|---
2021-02-04 17:02:47+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/wpabandonedcartsqli.rb
2025-06-09 18:11:10+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/17726
2025-10-...
CVE-2015-9395
The users-ultra plugin before 1.5.64 for WordPress has SQL Injection via an ajax action...
CVE-2015-9334
The email-newsletter plugin through 20.15 for WordPress has SQL injection...
WpJobBoard <= 4.4.4 - Multiple SQL Injections
The wpjobboard WordPress plugin was affected by multiple SQL injection vulnerabilities...
CVE-2017-14848
WPHRM Human Resource Management System for WordPress 1.0 allows SQL Injection via the employeeid parameter...