The JetSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output esc
Unauthenticated SQL Injection in Tutor LMS Pro <= 3.9.6 versions.
Unauthenticated SQL Injection in Advanced 301 and 302 Redirect <= 1.6.9 versions.
Unauthenticated SQL Injection in InPost Gallery <= 2.1.4.6 versions.
Unauthenticated SQL Injection in Realtyna Organic IDX plugin <= 5.1.0 versions.
Unauthenticated PHP Object Injection in Nifty <= 1.4.1 versions.
Unauthenticated SQL Injection in WP eMember < v10.9.4 versions.
Unauthenticated SQL Injection in Funnel Builder by FunnelKit <= 3.15.0.1 versions.
Unauthenticated SQL Injection in Contest Gallery <= 28.1.6 versions.
Unauthenticated SQL Injection in WP Maps <= 4.9.1 versions.
An unauthenticated SQL injection vulnerability exists in the GetLyfsByParams endpoint of Bian Que Feijiu Intelligent Emergency and Quality Control System, accessible via the /AppService/BQMedical/WebS
Zohocorp ManageEngine Analytics Plus versions 6170 and below are vulnerable to Unauthenticated SQL Injection due to improper filter configuration.
Unauthenticated PHP Object Injection in Mildhill <= 1.5 versions.
Unauthenticated SQL Injection in Simply Schedule Appointments <= 1.6.9.27 versions.
Unauthenticated SQL injection vulnerability in Uniguest Tripleplay version 23.1+ allows remote attackers to execute arbitrary SQL queries on the backend database.
Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions.
SQL injection vulnerability in AzureSoft MyHorus 4.3.5 allows authenticated users to execute arbitrary SQL commands via unspecified vectors.
Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions.
Unauthenticated SQL Injection in GeoDirectory <= 2.8.152 versions.
Unauthenticated SQL Injection in WPJobster <= 6.3.5 versions.