WP Query Console <= 1.0 - Remote Code Execution

Improper Control of Generation of Code 'Code Injection' vulnerability in LUBUS WP Query Console allows Code Injection.This issue affects WP Query Console- from n/a through 1.0. id: CVE-2024-50498 info: name: WP Query Console = 1.0 - Remote Code Execution author: s4e-io severity: critical...

EUVD-2026-31072

SureCart version prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters 'modelname', 'modelid', 'integrationid', 'provider' on the REST API endpoint '/surecart/v1/integrations/id'. The root cause is a flawed escaping bypass in the query builder 'wp-query-builder'...

EUVD-2025-3541

Malicious code in bioql PyPI...

EUVD-2025-2682

Malicious code in bioql PyPI...

EUVD-2025-10952

Malicious code in bioql PyPI...

EUVD-2025-9889

Malicious code in bioql PyPI...

EUVD-2023-27918

Malicious code in bioql PyPI...

VulnCheck KEV: CVE-2024-50498

Improper Control of Generation of Code 'Code Injection' vulnerability in Ajit Bohra WP Query Console wp-query-console allows Code Injection.This issue affects WP Query Console: from n/a through = 1.0...

CVE-2025-23926

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in TC.K Ajax WP Query Search Filter ajax-wp-query-search-filter allows Stored XSS.This issue affects Ajax WP Query Search Filter: from n/a through = 1.0.7...

CVE-2023-23832

Auth. contributor+ Cross-Site Scripting XSS vulnerability in TC Ultimate WP Query Search Filter plugin = 1.0.10 versions...

CVE-2025-26743

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in TC.K Advance WP Query Search Filter advance-wp-query-search-filter allows Reflected XSS.This issue affects Advance WP Query Search Filter: from n/a through = 1.0.10...

CVE-2025-26743

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in TC.K Advance WP Query Search Filter advance-wp-query-search-filter allows Reflected XSS.This issue affects Advance WP Query Search Filter: from n/a through = 1.0.10...

CVE-2025-26743

CVE-2025-26743 : Reflected XSS in the WordPress plugin Advance WP Query Search Filter (affected from unspecified versions up to 1.0.10). Root cause: Improper Neutralization of Input During Web Page Generation. CVSSv3.1 base score 7.1 (HIGH) with network attack vector, no privileges, user interact...

CVE-2025-32120

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in edanzer Easy Query – WP Query Builder easy-query allows Blind SQL Injection.This issue affects Easy Query – WP Query Builder: from n/a through = 2.0.4...

CVE-2025-32120

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in edanzer Easy Query – WP Query Builder easy-query allows Blind SQL Injection.This issue affects Easy Query – WP Query Builder: from n/a through = 2.0.4...

CVE-2025-22264

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Patel WP Query Creator wp-query-creator allows Reflected XSS.This issue affects WP Query Creator: from n/a through = 1.0...

CVE-2025-22264

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Patel WP Query Creator wp-query-creator allows Reflected XSS.This issue affects WP Query Creator: from n/a through = 1.0...

CVE-2025-22264 WordPress WP Query Creator plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Patel WP Query Creator wp-query-creator allows Reflected XSS.This issue affects WP Query Creator: from n/a through = 1.0...

PT-2025-4402 · Tarak Patel · Wp Query Creator

Name of the Vulnerable Software and Affected Versions: Tarak Patel WP Query Creator versions 1.0 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows reflected Cross-site Scripting XSS. This enables attackers to inject maliciou...

WordPress plugin WP Query Creator 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripti...