EUVD-2025-208351

The ZIP Code Based Content Protection plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 1.0.2 via the 'zipcode' parameter. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVE-2025-14353

The ZIP Code Based Content Protection plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 1.0.2 via the 'zipcode' parameter. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVE-2025-14353

The ZIP Code Based Content Protection plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 1.0.2 via the 'zipcode' parameter. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVE-2025-14353 ZIP Code Based Content Protection <= 1.0.2 - Unauthenticated SQL Injection via 'zipcode' Parameter

The ZIP Code Based Content Protection plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 1.0.2 via the 'zipcode' parameter. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVE-2025-14353

The ZIP Code Based Content Protection plugin for WordPress is vulnerable to SQL Injection in all versions up to 1.0.2 via the 'zipcode' parameter. The issue arises from insufficient escaping of the user-supplied parameter and a lack of proper preparation in the existing SQL query, enabling unauth...

PT-2026-23810

Name of the Vulnerable Software and Affected Versions ZIP Code Based Content Protection plugin for WordPress versions up to and including 1.0.2 Description The ZIP Code Based Content Protection plugin for WordPress is susceptible to SQL Injection due to inadequate input sanitization of the zipcod...

WordPress plugin ZIP Code Based Content Protection SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

WordPress Zipcode Redirect Plugin <= 5.1.1 is vulnerable to Cross Site Scripting (XSS)

Software Zipcode Redirect Type Plugin Vulnerable versions = 5.1.1 Fixed in 5.1.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7a0f76a238b8 Credits Rafie Muhammad Patchstack...

WordPress Check Zipcode Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Check Zipcode Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 171e077ce119 Credits Rafie Muhammad Patchstack Required...

WordPress Zipcode Redirect plugin < 3.0.2 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Zipcode Redirect plugin versions 3.0.2. Solution Update the WordPress Zipcode Redirect plugin to the latest available version at least 3.0.2...

WordPress Check Zipcode plugin < 1.0.1 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Check Zipcode plugin versions 1.0.1. Solution Update the WordPress Check Zipcode plugin to the latest available version at least 1.0.1...

WordPress Check Zipcode plugin < 1.0.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Check Zipcode plugin versions 1.0.1. Solution Update the WordPress Check Zipcode plugin to the latest available version at least 1.0.1...

WordPress Zipcode Redirect plugin < 3.0.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Zipcode Redirect plugin versions 3.0.2. Solution Update the WordPress Zipcode Redirect plugin to the latest available version at least 3.0.2...

WordPress Hotel Listing 3 Plugin - (Multiple) Cross-Site Scripting Vulnerability

Exploit Title: WordPress Plugin Hotel Listing 3 - 'Multiple' Cross-Site Scripting XSS Exploit Author: Vulnerability Lab Vendor Homepage: https://hotel.eplug-ins.com/ Software Link: https://hotel.eplug-ins.com/hoteldoc/ Version: v3 Document Title: =============== Hotel Listing WP Plugin v3.x -...

Hotel Listing < 1.3.3 - Authenticated Stored Cross-Site Scripting

The plugin does not sanitise and escape some of the Listing fields such as address, city, zipcode and country, which could lead to Stored Cross-Site Scripting issues...

Cross site scripting

An issue was discovered in Creme CRM 1.6.12. The salesman creation page is affected by 10 stored cross-site scripting vulnerabilities involving the firstname, lastname, billingaddress-address, billingaddress-zipcode, billingaddress-city, billingaddress-department, shippingaddress-address,...

CVE-2017-9838

Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting XSS vulnerabilities in versions before 5.0.4: index.php leftmenu parameter, core/ajax/box.php PATHINFO, product/stats/card.php type parameter, holiday/list.php monthcreate, monthstart, and monthend parameters, and don/card.ph...

Sql injection

SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via the zipcode parameter in a newest-jobs request, or the ta parameter in a viewresume request...

CVE-2018-5994

SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via the zipcode parameter in a newest-jobs request, or the ta parameter in a viewresume request...

CVE-2013-1466

Multiple cross-site scripting XSS vulnerabilities in glFusion before 1.2.2.pl4 allow remote attackers to inject arbitrary web script or HTML via the 1 subject parameter to profiles.php; 2 address1, 3 address2, 4 calendartype, 5 city, 6 state, 7 title, 8 url, or 9 zipcode parameter to...