Lucene search
K

43 matches found

wpexploit
wpexploit
added 2018/01/10 12:0 a.m.20 views

Smooth Slider <= 2.8.6 - Authenticated SQL Injection

During the security analysis, ThunderScan discovered SQL injection vulnerability in Smooth Slider WordPress plugin. The easiest way to reproduce the vulnerability is to visit the provided URL while being logged in as administrator or another user that is authorized to access the plugin settings...

6.5CVSS1.2AI score0.01202EPSS
Exploits2References3
0day.today
0day.today
added 2017/11/27 12:0 a.m.280 views

WordPress WPDB SQL Injection Vulnerability

Exploit for php platform in category web applications Today, a significant SQL-Injection vulnerability was fixed in WordPress 4.8.3. Before reading further, if you haven’t updated yet stop right now and update. The foundations of this vulnerability was reported via Hacker-One on September 20th,...

7.1AI score
Exploits0
Veracode
Veracode
added 2017/11/03 1:23 a.m.30 views

SQL Injection

Wordpress is vulnerable to SQL injection. The $wpdb-prepare method creates and executes arbitrary SQL statements within plugins and themes...

9.8CVSS9.7AI score0.07744EPSS
Exploits0References8Affected Software2
WPVulnDB
WPVulnDB
added 2017/11/03 12:0 a.m.15 views

JTRT Responsive Tables <= 4.1 – Authenticated SQL Injection

Type user access: single user. $POST‘tableId’ is not escaped. File / Code: Path: /wp-content/plugins/jtrt-responsive-tables/admin/class-jtrt-responsive-tables-admin.php Line : 183 $getTableId = $POST'tableId'; ... $retrievedata = $wpdb-getresults "SELECT FROM $jtrttablesname WHERE jttableIDD = "...

6.5CVSS1AI score0.01911EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2017/11/02 4:29 p.m.24 views

Sql injection

WordPress before 4.8.3 is affected by an issue where $wpdb-prepare can create unexpected and unsafe queries leading to potential SQL injection SQLi in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than CVE-2017-14723...

7.5CVSS9.6AI score0.10357EPSS
Exploits1References8Affected Software1
NVD
NVD
added 2017/11/02 4:29 p.m.21 views

CVE-2017-16510

WordPress before 4.8.3 is affected by an issue where $wpdb-prepare can create unexpected and unsafe queries leading to potential SQL injection SQLi in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than CVE-2017-14723...

9.8CVSS9.8AI score0.07744EPSS
Exploits0References8
OSV
OSV
added 2017/11/02 4:29 p.m.34 views

CVE-2017-16510

WordPress before 4.8.3 is affected by an issue where $wpdb-prepare can create unexpected and unsafe queries leading to potential SQL injection SQLi in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than CVE-2017-14723...

9.8CVSS9.8AI score
Exploits0References8
Cvelist
Cvelist
added 2017/11/02 4:0 p.m.32 views

CVE-2017-16510

WordPress before 4.8.3 is affected by an issue where $wpdb-prepare can create unexpected and unsafe queries leading to potential SQL injection SQLi in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than CVE-2017-14723...

9.8AI score0.07744EPSS
Exploits0References8
FreeBSD
FreeBSD
added 2017/10/31 12:0 a.m.29 views

wordpress -- multiple issues

wordpress developers reports: WordPress versions 4.8.2 and earlier are affected by an issue where $wpdb-prepare can create unexpected and unsafe queries leading to potential SQL injection SQLi. WordPress core is not directly vulnerable to this issue, but we've added hardening to prevent plugins a...

5.9AI score
Exploits0References1
Patchstack
Patchstack
added 2017/10/31 12:0 a.m.10 views

WordPress <=4.8.2 - potential SQL injection (SQLi), $wpdb->prepare() issue, possible unsafe queries

Possible security issue found by Anthony Ferrara in WordPress versions =4.8.2. WordPress is not vulnerable itself, but themes or plugins could trigger the vulnerability. Solution Update WordPress to the latest available version at least version 4.8.3...

3.2AI score
Exploits0References1Affected Software1
Prion
Prion
added 2017/09/23 8:29 p.m.21 views

Sql injection

Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb-prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks...

7.5CVSS9.8AI score0.10357EPSS
Exploits1References10Affected Software1
OSV
OSV
added 2017/09/23 8:29 p.m.30 views

CVE-2017-14723

Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb-prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks...

9.8CVSS8.2AI score
Exploits0References10
EUVD
EUVD
added 2017/09/23 8:0 p.m.4 views

EUVD-2017-6220

Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb-prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks...

9.8CVSS8.2AI score0.10357EPSS
Exploits1References10
Debian CVE
Debian CVE
added 2017/09/23 8:0 p.m.48 views

CVE-2017-14723

Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb-prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks...

9.8CVSS4AI score0.10357EPSS
Exploits1
WPVulnDB
WPVulnDB
added 2017/09/19 12:0 a.m.63 views

WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection

...

7.5CVSS2.6AI score0.10357EPSS
Exploits1References3Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.18 views

WordPress AdRotate plugin <= 3.6.6 - SQL Injection

No description provided by source. Exploit Title: WordPress AdRotate plugin = 3.6.6 SQL Injection Vulnerability Date: 2011-11-8 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/adrotate.3.6.6.zip Version: 3.6.6 tested Note:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.14 views

WordPress PureHTML plugin <= 1.0.0 - SQL Injection

No description provided by source. Exploit Title: WordPress PureHTML plugin = 1.0.0 SQL Injection Vulnerability Date: 2011-08-31 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/pure-html.1.0.0.zip Version: 1.0.0 tested Note:...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2011/11/14 12:0 a.m.34 views

WordPress Plugin AdRotate 3.6.6 - SQL Injection

Exploit Title: WordPress AdRotate plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0" encoded=echo -n "1' AND 1=IF21,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0" | base64 -w 0 curl http://www.site.com/wp-content/plugins/adrotate/adrotate-out.php?track=$encoded --------------- Vulnerab...

7.4AI score
Exploits0
0day.today
0day.today
added 2011/11/13 12:0 a.m.18 views

WordPress AdRotate plugin <= 3.6.6 SQL Injection

Exploit for php platform in category web applications Exploit Title: WordPress AdRotate plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0" encoded=echo -n "1' AND 1=IF21,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0" | base64 -w 0 curl...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2011/09/09 12:0 a.m.25 views

WordPress Plugin A to Z Category Listing 1.3 - SQL Injection

Exploit Title: WordPress A to Z Category Listing plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0--%20 --------------- Vulnerable code --------------- $initletter = $GET'R'; $sql = "select from ".$tableprefix."terms wpt,".$tableprefix."termtaxonomy wptt where wpt.name like...

7AI score
Exploits0
Rows per page
Query Builder