24 matches found
CVE-2026-7467 Read More & Accordion <= 3.5.7 - Privilege Escalation via importData
The Read More & Accordion plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.7. This is due to the 'RadMoreAjax::importData' function not restricting which database tables can be written to during import and not properly validating the imported...
CVE-2026-22850
Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path (pa) and referrer (r) values to the public...
PT-2025-40063
Name of the Vulnerable Software and Affected Versions: Custom Searchable Data Entry System plugin for WordPress versions up to and including 1.7.1. Description: The Custom Searchable Data Entry System plugin for WordPress is susceptible to unauthenticated database wiping. This is due to a missing...
Wordpress Secure Copy Content Protection And Content Locking Sccp_id Unauthenticated SQL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Secure Copy Content Protection and Content Locking sccpid Unauthenticated SQLi', 'Description' = %q Secure Copy Content Protection and...
Wordpress Paid Membership Pro Code Unauthenticated SQL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Paid Membership Pro code Unauthenticated SQLi', 'Description' = %q Paid Membership Pro, a WordPress plugin, prior to 2.9.8 is affected ...
SiteGround Security < 1.3.1 - Admin+ SQLi
The plugin does not properly sanitize user input before using it in an SQL query, leading to an authenticated SQL injection issue. 1: POST /wordpress/index.php/wp-json/sg-security/v1/activity-registered HTTP/1.1 Host: YOUR HOST X-WP-Nonce: YOUR NONCE Cookie: Admin+ Content-Length: 155...
AWP Classifieds Plugin < 4.3 - Unauthenticated SQLi
The plugin does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection. To read the user_login and user_pass columns from the wp_users table:...
WordPress Total Upkeep Unauthenticated Backup Downloader
This module exploits an unauthenticated database backup vulnerability in WordPress plugin 'Boldgrid-Backup' also known as 'Total Upkeep' version use auxiliary/scanner/http/wptotalupkeepdownloader msf auxiliarywptotalupkeepdownloader show actions ...actions... msf auxiliarywptotalupkeepdownloader...
WordPress Plugin FB Gorilla - 'game_play.php' SQL Injection
source: https://www.securityfocus.com/bid/69222/info FB Gorilla plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent...
Re-Script 0.99 Beta (listings.php op) SQL Injection Vulnerability
No description provided by source. Viva IslaM Viva IslaM Remote SQL Injection Vulnerability listings.php op REScript V.0.99 Beta http://www.ebigman.com/ AuTh0r : Mr.SQL H0ME : WwW.55a.NeT Email : [email protected] -: ExploiteS :-...
WordPress Plugin SermonBrowser 0.43 - SQL Injection
WordPress Plugin SermonBrowser 0.43 - SQL Injection alert0 FPD : http://site/wp/wp-content/plugins/sermon-browser/sermon.php -== Start ==- "; $t=array"dbusr"="user","dbver"="version","dbnam"="database","usrnm"="userlogin","passwd"="userpass"; function text2hex$string $hex = ''; $len = strlen$stri...
WordPress Plugin Pyrmont 2.x - SQL Injection
WordPress Plugin Pyrmont 2.x - SQL Injection WordPress and Pyrmont V2. SQL Injection Vulnerability Plugin Home: http://wordpress.org/extend/themes/pyrmont-v2 Author: Gamoscu Site: www.1923turk.biz Site: http://gamoscu.wordpress.com/ Exploit:...
Re-Script 0.99 Beta SQL Injection
Viva IslaM Viva IslaM Remote SQL Injection Vulnerability listings.php op REScript V.0.99 Beta http://www.ebigman.com/ AuTh0r : Mr.SQL H0ME : WwW.55a.NeT Email : [email protected] -: ExploiteS :-...
Re-Script 0.99 Beta - listings.php?op SQL Injection
Re-Script 0.99 Beta - listings.php?op SQL Injection Viva IslaM Viva IslaM Remote SQL Injection Vulnerability listings.php op REScript V.0.99 Beta http://www.ebigman.com/ AuTh0r : Mr.SQL H0ME : WwW.55a.NeT Email : [email protected] -: ExploiteS :-...
Wordpress Plugin Spreadsheet <= 0.6 SQL Injection Vulnerability
Exploit for unknown platform in category web applications. Wordpress Plugin Spreadsheet query"SELECT FROM $tablename WHERE id='$id'" == 0 .... 0day.today 2018-04-10...
WordPress Plugin Download - 'dl_id' SQL Injection
Wordpress Plugin Download file Remote SQL Injection Vulnerability Author: BL4CK Mail: [email protected] Dork: inurl:"wp-download.php?dlid=" Example: http://localhost/path/path/path/wp-download.php?dlid=SQL SQL: null//union//all//select//concatuserlogin,0x3a,userpass//from//wpusers/ Greetz: ZioN,...
Wordpress Plugin Download (dl_id) SQL Injection Vulnerability
Exploit for unknown platform in category web applications. Wordpress Plugin Download dlid SQL Injection Vulnerability. Wordpress Plugin Download file Remote SQL Injection...
wpfa-sql.txt
WordPress forumactionPAGEİDuserSQL Injection AUTHOR : S@BUN HOME : http://www.hackturkiye.com/ DORK 1 : allinurl: forumaction "showprofile" DORK 2 : allinurl: pageid user "showprofile" DORK 3 : allinurl:"forum/?forumaction" showprofile&user=SQL InjectionEXPLOİT EXPLOİT 1...
Wordpress Plugin st_newsletter Remote SQL Injection Vulnerability
No description provided by source. Wordpress Plugin stnewsletter SQL Injection AUTHOR : S@BUN HOME : http://www.hackturkiye.com/ DORKS 1 : allinurl :"wp-content/plugins/stnewsletter" DORK 2 : allinurl :"shiftthis-preview.php" EXPLOIT :...