12 matches found
WordPress WP-Advanced-Search <= 3.3.9 - SQL Injection
The WP-Advanced-Search plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 3.3.9 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated...
EUVD-2026-31030
The Read More & Accordion plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.7. This is due to the 'RadMoreAjax::importData' function not restricting which database tables can be written to during import and not properly validating the imported...
EUVD-2023-31204
Malicious code in bioql PyPI...
CVE-2023-27428
Missing Authorization vulnerability in Damir Calusic WP users media allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP users media: from n/a through 4.2.3...
CVE-2024-9522
The WP Users Masquerade plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.0. This is due to incorrect authentication and capability checking in the 'ajaxmasqlogin' function. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2023-27428
Missing Authorization vulnerability in Damir Calusic WP users media allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP users media: from n/a through 4.2.3...
CVE-2023-27428 WordPress WP users media plugin <= 4.2.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in DamirCalusic WP users media wp-users-media allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP users media: from n/a through <= 4.2.3...
CVE-2024-9522
The WP Users Masquerade plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.0. This is due to incorrect authentication and capability checking in the 'ajaxmasqlogin' function. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2022-3026
The WP Users Exporter plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.2 via the 'Export Users' functionality. This makes it possible for authenticated attackers, such as a subscriber, to add untrusted input into profile information like First Names that...
Input validation
The WP Users Exporter plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.2 via the 'Export Users' functionality. This makes it possible for authenticated attackers, such as a subscriber, to add untrusted input into profile information like First Names that...
Re-Script v.0.99 Beta ( listings.php op ) SQL Injection Vulnerability
No description provided by source. Viva IslaM Viva IslaM Remote SQL Injection Vulnerability listings.php op REScript V.0.99 Beta http://www.ebigman.com/ AuTh0r : Mr.SQL H0ME : WwW.55a.NeT Email : [email protected] -: ExploiteS :-...
WordPress Plugin WP Photo Album - 'photo' SQL Injection
source: https://www.securityfocus.com/bid/29148/info The WordPress WP Photo Album WPPA plugin is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...