The democracy-poll plugin before 5.4 for WordPress has XSS via update_l10n in admin/class.DemAdminInit.php.
6.1CVSS
6AI Score
0.001EPSS
The democracy-poll plugin before 5.4 for WordPress has CSRF via wp-admin/options-general.php?page=democracy-poll&subpage=l10n.
8.8CVSS
8.7AI Score
0.001EPSS
The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via the admin.php order parameter.
8.1CVSS
8.5AI Score
0.002EPSS
6.1CVSS
6.4AI Score
0.001EPSS
A vulnerability classified as critical has been found in Kama Click Counter Plugin up to 3.4.8. This affects an unknown part of the file wp-admin/admin.php. The manipulation of the argument order_by/order with the input ASC%2c(select*from(select(sleep(2)))a) leads to sql injection (Blind). It is po...
8.8CVSS
8.9AI Score
0.001EPSS