263201 matches found

Cvelist
added 5 days ago, 26 views

CVE-2016-20073 Answer My Question 1.3 Plugin WordPress SQL Injection via modal.php

Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' POST parameter. Attackers can submit crafted SQL statements to the modal.php endpoint to extract...

CVSS 8.8, EPSS 0.0027
Exploits 0, References 4

Vulnrichment
added 5 days ago, 4 views

CVE-2016-20073 Answer My Question 1.3 Plugin WordPress SQL Injection via modal.php

Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' POST parameter. Attackers can submit crafted SQL statements to the modal.php endpoint to extract...

CVSS 8.8, AI score 6.1, EPSS 0.0027
Exploits 0, References 4

EUVD
added 5 days ago, 5 views

EUVD-2016-10885

Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' POST parameter. Attackers can submit crafted SQL statements to the modal.php endpoint to extract...

CVSS 8.8, AI score 6.1, EPSS 0.0027
Exploits 0, References 4

CVE
added 5 days ago, 7 views

CVE-2016-20072

CVE-2016-20072 affects the BBS e-Franchise 1.1.1 WordPress plugin. The vulnerability is an SQL injection in the uid parameter used by the plugin’s shortcode, enabling unauthenticated attackers to craft requests (Union-based SQLi) to extract sensitive data (e.g., user information, taxonomy terms)....

CVSS 8.8, AI score 6.2, EPSS 0.0027
Exploits 0, References 4

Cvelist
added 5 days ago, 26 views

CVE-2016-20072 BBS e-Franchise 1.1.1 WordPress Plugin SQL Injection via uid

BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the uid parameter. Attackers can craft requests to pages using the plugin's shortcode with UNION-based SQL...

CVSS 8.8, EPSS 0.0027
Exploits 0, References 4

EUVD
added 5 days ago, 5 views

EUVD-2016-10884

BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the uid parameter. Attackers can craft requests to pages using the plugin's shortcode with UNION-based SQL...

CVSS 8.8, AI score 6.1, EPSS 0.0027
Exploits 0, References 4

Vulnrichment
added 5 days ago, 4 views

CVE-2016-20072 BBS e-Franchise 1.1.1 WordPress Plugin SQL Injection via uid

BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the uid parameter. Attackers can craft requests to pages using the plugin's shortcode with UNION-based SQL...

CVSS 8.8, AI score 6.1, EPSS 0.0027
Exploits 0, References 4

Cvelist
added 5 days ago, 29 views

CVE-2016-20070 WordPress Booking Calendar Contact Form 1.0.23 Privilege Escalation Stored XSS

WordPress Booking Calendar Contact Form 1.0.23 contains privilege escalation and stored cross-site scripting vulnerabilities that allow authenticated users to modify plugin options and inject malicious scripts by failing to verify user privileges and sanitize input parameters. Attackers with...

CVSS 6.4, EPSS 0.00231
Exploits 0, References 3

CVE
added 5 days ago, 4 views

CVE-2016-20070

CVE-2016-20070 affects the WordPress plug‑in Booking Calendar Contact Form 1.0.23. The vulnerability comprises a privilege escalation and a stored XSS flaw that allows authenticated, subscriber‑level users to modify plugin options and inject XSS payloads. Payloads can be supplied via parameters such...

CVSS 6.4, AI score 5.3, EPSS 0.00231
Exploits 0, References 3

Vulnrichment
added 5 days ago, 4 views

CVE-2016-20070 WordPress Booking Calendar Contact Form 1.0.23 Privilege Escalation Stored XSS

WordPress Booking Calendar Contact Form 1.0.23 contains privilege escalation and stored cross-site scripting vulnerabilities that allow authenticated users to modify plugin options and inject malicious scripts by failing to verify user privileges and sanitize input parameters. Attackers with...

CVSS 6.4, AI score 5.2, EPSS 0.00231
Exploits 0, References 3

EUVD
added 5 days ago, 4 views

EUVD-2016-10882

WordPress Booking Calendar Contact Form 1.0.23 contains privilege escalation and stored cross-site scripting vulnerabilities that allow authenticated users to modify plugin options and inject malicious scripts by failing to verify user privileges and sanitize input parameters. Attackers with...

CVSS 6.4, AI score 5.2, EPSS 0.00231
Exploits 0, References 3

Vulnrichment
added 5 days ago, 4 views

CVE-2016-20071 WordPress 404 Redirection Manager Plugin 1.0 SQL Injection

The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through unsanitized user input. Attackers can craft GET requests with SQL injection payloa...

CVSS 8.8, AI score 6.1, EPSS 0.00302
Exploits 0, References 3

CVE
added 5 days ago, 6 views

CVE-2016-20071

The CVE concerns the WordPress plugin 404 Redirection Manager (version 1.0) for which an unauthenticated SQL injection is described. The vulnerability allows remote attackers to influence database queries and potentially extract sensitive data by sending crafted, unsanitized input via HTTP GET re...

CVSS 8.8, AI score 6.2, EPSS 0.00302
Exploits 0, References 3

EUVD
added 5 days ago, 6 views

EUVD-2016-10883

The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through unsanitized user input. Attackers can craft GET requests with SQL injection payloa...

CVSS 8.8, AI score 6.2, EPSS 0.00302
Exploits 0, References 3

Cvelist
added 5 days ago, 29 views

CVE-2016-20071 WordPress 404 Redirection Manager Plugin 1.0 SQL Injection

The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through unsanitized user input. Attackers can craft GET requests with SQL injection payloa...

CVSS 8.8, EPSS 0.00302
Exploits 0, References 3

EUVD
added 5 days ago, 4 views

EUVD-2016-10881

WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in database queries. Attackers can inject SQL commands through the calendar shortcode parameter to...

CVSS 8.8, AI score 6.1, EPSS 0.0024
Exploits 0, References 3

CVE
added 5 days ago, 5 views

CVE-2016-20069

CVE-2016-20069 affects the WordPress plugin WordPress Booking Calendar Contact Form 1.0.23. It contains an unauthenticated blind SQL injection in the shortcode function where the calendar parameter is not sanitized before being used in database queries. This allows an attacker to inject SQL commands ...

CVSS 8.8, AI score 6.2, EPSS 0.0024
Exploits 0, References 3

Vulnrichment
added 5 days ago, 3 views

CVE-2016-20069 WordPress Booking Calendar Contact Form 1.0.23 SQL Injection

WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in database queries. Attackers can inject SQL commands through the calendar shortcode parameter to...

CVSS 8.8, AI score 6.1, EPSS 0.0024
Exploits 0, References 3

Cvelist
added 5 days ago, 31 views

CVE-2016-20069 WordPress Booking Calendar Contact Form 1.0.23 SQL Injection

WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in database queries. Attackers can inject SQL commands through the calendar shortcode parameter to...

CVSS 8.8, EPSS 0.0024
Exploits 0, References 3

CVE
added 5 days ago, 7 views

CVE-2016-20067

CVE-2016-20067: WordPress CP Polls 1.0.8 contains a cross-site request forgery (CSRF) vulnerability that allows an attacker to perform unauthorized poll operations on behalf of an authenticated administrator. An attacker can craft a malicious HTML page; when an admin visits it while logged in, t...

CVSS 5.3, AI score 5.3, EPSS 0.00116
Exploits 0, References 2