CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 4 days ago•5 views

EUVD-2016-10887

8.8CVSS6AI score0.00327EPSS

5.3CVSS5.1AI score0.00106EPSS

CVE-2016-20074 WordPress Lazy Content Slider Plugin 3.4 CSRF

WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into submitting POST requests to the plugin settings page via...

Exploits0References2

Cvelist•added 4 days ago•27 views

CVE-2016-20074 WordPress Lazy Content Slider Plugin 3.4 CSRF

5.3CVSS0.00106EPSS

Exploits0References2

8.8CVSS6AI score0.00327EPSS

CVE-2016-20075 WordPress Ultimate Product Catalog 3.8.6 Arbitrary File Upload RCE

EUVD•added 4 days ago•4 views

EUVD-2016-10886

5.3CVSS5.1AI score0.00106EPSS

Exploits0References2

CVE•added 4 days ago•6 views

CVE-2016-20073

The Answer My Question 1.3 WordPress plugin contains an unauthenticated SQL injection in modal.php via the id POST parameter, enabling attackers to execute arbitrary SQL and extract sensitive database information (e.g., WordPress terms and configuration data). CVSS metrics are provided: CVSS v3.1...

8.8CVSS6.2AI score0.0027EPSS

Cvelist•added 4 days ago•26 views

CVE-2016-20073 Answer My Question 1.3 Plugin WordPress SQL Injection via modal.php

Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' POST parameter. Attackers can submit crafted SQL statements to the modal.php endpoint to extract...

8.8CVSS0.0027EPSS

EUVD•added 4 days ago•4 views

EUVD-2016-10885

CVE-2016-20073 Answer My Question 1.3 Plugin WordPress SQL Injection via modal.php

CVE•added 4 days ago•7 views

CVE-2016-20072

CVE-2016-20072 affects the BBS e-Franchise 1.1.1 WordPress plugin. The vulnerability is an SQL injection in the uid parameter used by the plugin’s shortcode, enabling unauthenticated attackers to craft requests (Union-based SQLi) to extract sensitive data (e.g., user information, taxonomy terms)....

8.8CVSS6.2AI score0.0027EPSS

Cvelist•added 4 days ago•26 views

CVE-2016-20072 BBS e-Franchise 1.1.1 WordPress Plugin SQL Injection via uid

BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the uid parameter. Attackers can craft requests to pages using the plugin's shortcode with UNION-based SQL...

8.8CVSS0.0027EPSS

EUVD•added 4 days ago•5 views

EUVD-2016-10884

CVE-2016-20072 BBS e-Franchise 1.1.1 WordPress Plugin SQL Injection via uid

Cvelist•added 4 days ago•29 views

CVE-2016-20070 WordPress Booking Calendar Contact Form 1.0.23 Privilege Escalation Stored XSS

WordPress Booking Calendar Contact Form 1.0.23 contains privilege escalation and stored cross-site scripting vulnerabilities that allow authenticated users to modify plugin options and inject malicious scripts by failing to verify user privileges and sanitize input parameters. Attackers with...

6.4CVSS0.00231EPSS

CVE•added 4 days ago•5 views

CVE-2016-20071

The CVE concerns the WordPress plugin 404 Redirection Manager (version 1.0) for which an unauthenticated SQL injection is described. The vulnerability allows remote attackers to influence database queries and potentially extract sensitive data by sending crafted, unsanitized input via HTTP GET re...

8.8CVSS6.2AI score0.00302EPSS

CVE•added 4 days ago•4 views

CVE-2016-20070

CVE-2016-20070 affects WordPress plug‑in Booking Calendar Contact Form 1.0.23 . The vulnerability comprises a privilege escalation and a stored XSS flaw that allows authenticated, subscriber‑level users to modify plugin options and inject XSS payloads. Payloads can be supplied via parameters such...

6.4CVSS5.3AI score0.00231EPSS

Cvelist•added 4 days ago•28 views

CVE-2016-20071 WordPress 404 Redirection Manager Plugin 1.0 SQL Injection

The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through unsanitized user input. Attackers can craft GET requests with SQL injection payloa...

8.8CVSS0.00302EPSS

6.4CVSS5.2AI score0.00231EPSS

CVE-2016-20070 WordPress Booking Calendar Contact Form 1.0.23 Privilege Escalation Stored XSS

EUVD•added 4 days ago•5 views

EUVD-2016-10883

8.8CVSS6.2AI score0.00302EPSS