40 matches found
PT-2025-4402 · Tarak Patel · Wp Query Creator
Name of the Vulnerable Software and Affected Versions: Tarak Patel WP Query Creator versions 1.0 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows reflected Cross-site Scripting XSS. This enables attackers to inject maliciou...
WordPress WP Query Creator plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin WP Query Creator versions = 1.0...
CVE-2025-23926
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in TC.K Ajax WP Query Search Filter ajax-wp-query-search-filter allows Stored XSS.This issue affects Ajax WP Query Search Filter: from n/a through = 1.0.7...
CVE-2025-23926
CVE-2025-23926 is a stored Cross-Site Scripting (XSS) vulnerability affecting the WordPress plugin Ajax WP Query Search Filter (versions up to 1.0.7). The issue arises from improper neutralization of user input during web page generation. Public data in the initial record show a CVSS v3.1 base sc...
CVE-2025-23926 WordPress Ajax WP Query Search Filter plugin <= 1.0.7 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in TC.K Ajax WP Query Search Filter ajax-wp-query-search-filter allows Stored XSS.This issue affects Ajax WP Query Search Filter: from n/a through = 1.0.7...
CVE-2025-23926 WordPress Ajax WP Query Search Filter plugin <= 1.0.7 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in TC.K Ajax WP Query Search Filter ajax-wp-query-search-filter allows Stored XSS.This issue affects Ajax WP Query Search Filter: from n/a through = 1.0.7...
CVE-2024-50498
Improper Control of Generation of Code 'Code Injection' vulnerability in LUBUS WP Query Console allows Code Injection.This issue affects WP Query Console: from n/a through 1.0...
CVE-2024-50498
Improper Control of Generation of Code 'Code Injection' vulnerability in Ajit Bohra WP Query Console wp-query-console allows Code Injection.This issue affects WP Query Console: from n/a through = 1.0...
CVE-2024-50498 WordPress WP Query Console plugin <= 1.0 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in Ajit Bohra WP Query Console wp-query-console allows Code Injection.This issue affects WP Query Console: from n/a through = 1.0...
CVE-2024-50498 WordPress WP Query Console plugin <= 1.0 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in Ajit Bohra WP Query Console wp-query-console allows Code Injection.This issue affects WP Query Console: from n/a through = 1.0...
CVE-2024-50498
Summary of CVE-2024-50498: The WordPress plugin WP Query Console ≤ 1.0 is vulnerable to an unauthenticated Remote Code Execution due to improper control of code generation, enabling arbitrary PHP execution via a crafted REST request (example: POST to /wp-json/wqc/v1/query with {"queryArgs":"phpin...
WordPress WP Query Console Plugin <= 1.0 is vulnerable to Remote Code Execution (RCE)
Software WP Query Console Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-50498 Patch priority High CVSS severity High 10 Developer Claim ownership PSID af5ddac5f157 Credits stealthcopter Required privilege...
CVE-2023-4724
The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not validate and sanitise the wpquery parameter which allows an attacker to run arbitrary command on the remote server...
CVE-2023-23832
Auth. contributor+ Cross-Site Scripting XSS vulnerability in TC Ultimate WP Query Search Filter plugin = 1.0.10 versions...
CVE-2023-23832 WordPress Ultimate WP Query Search Filter Plugin <= 1.0.10 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Cross-Site Scripting XSS vulnerability in TC Ultimate WP Query Search Filter plugin = 1.0.10 versions...
CVE-2023-23832
CVE-2023-23832: A Cross-Site Scripting (XSS) vulnerability in the WordPress plugin TC Ultimate WP Query Search Filter affects versions
WordPress plugin Ultimate WP Query Search Filter 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
SUSE CVE-2017-5611
SQL injection vulnerability in wp-includes/class-wp-query.php in WPQuery in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name...
WordPress Ultimate WP Query Search Filter Plugin <= 1.0.10 is vulnerable to Cross Site Scripting (XSS)
Software Ultimate WP Query Search Filter Type Plugin Vulnerable versions = 1.0.10 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23832 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 990a4164b91e Credits István...
PT-2022-7031
Name of the Vulnerable Software and Affected Versions WordPress versions prior to 5.8.3 WordPress versions 3.7.37 and earlier Description The issue is related to improper sanitization in the WP Query function of the WordPress content management system, which can lead to SQL injection through...