The Outdoor plugin for WordPress is vulnerable to SQL Injection via the 'edit' action in all versions up to, and including, 1.3.2 due to insufficient escaping on the user supplied parameter and lack o
The Code Clone plugin for WordPress is vulnerable to time-based SQL Injection via the ‘snippetId’ parameter in all versions up to, and including, 0.9 due to insufficient escaping on the user supplied
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to blind SQL Injection via the `phrase` parameter in all versions up to, and including, 1.3.7.1 due to insuf
The Front End Users plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 3.2.28 due to insufficient escaping on the user suppl
The WP Docs plugin for WordPress is vulnerable to time-based SQL Injection via the 'dir_id' parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied para
The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to generic SQL Injection via the 'columns' parameter in all versions up to, and including, 4.8.20 due to insufficient escaping on the us
The WP Data Access – App, Table, Form and Chart Builder plugin plugin for WordPress is vulnerable to SQL Injection via the 'order[user_login][dir]' parameter in all versions up to, and including, 5.5.
The Rich Snippet Site Report plugin for WordPress is vulnerable to SQL Injection via the 'last' parameter in all versions up to, and including, 2.0.0105 due to insufficient escaping on the user suppl
The Trinity Audio – Text to Speech AI audio player to convert content into audio plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'range-date' parameter in all versions up
The WP SoundSystem plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsstm-track shortcode in all versions up to, and including, 3.4.2 due to insufficient input sanit
The Woo superb slideshow transition gallery with random effect plugin for WordPress is vulnerable to SQL Injection via the 'woo-superb-slideshow' shortcode in all versions up to, and including, 9.1 du
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to time-based SQL Injection via the Login Attempts module in all versions up to, and including, 3.0.12 due to insuff
The Advanced Google reCAPTCHA plugin for WordPress is vulnerable to generic SQL Injection via the ‘sSearch’ parameter in all versions up to, and including, 1.29 due to insufficient escaping on the use
The Infility Global WordPress plugin before 2.15.19 does not properly sanitize and escape some parameters before using them in SQL statements, leading to a SQL Injection vulnerability exploitable by a
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to generic SQL Injection via the 'order' parameter in all versions up to, and including, 3.28.28 due to insufficient escaping on the
The Flat Shipping Rate by City for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'cities' parameter in all versions up to, and including, 1.0.3 due to insufficient
The 404 Solution plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 3.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient prep
The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in all versions up to, and including, 1.4.6 due to insufficient escaping on the user supplied parame
The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via several parameters across multiple AJAX action in all versions up to, and including, 93.2.0 due to in
The Product Table and List Builder for WooCommerce Lite plugin for WordPress is vulnerable to time-based SQL Injection via the 'search' parameter in all versions up to, and including, 4.6.2 due to ins