Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
20 results
The MailArchiver plugin for WordPress is vulnerable to SQL Injection via the ‘logid’ parameter in all versions up to, and including, 4.5.0 due to insufficient escaping on the user supplied parameter a
CVE-2024-47350
CRITICAL CVSS 9.3
Find Similar
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YITHEMES YITH WooCommerce Ajax Search yith-woocommerce-ajax-search.This issue affects YITH WooComm
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘crsearch’ parameter in all versions up to, and including, 5.101.0 due to insufficient
The User Registration & Membership plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in version 4.3.0. This is due to insufficient escaping on the user supplied parameter and l
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the ‘woof_author’ parameter in all versions up to, and including, 1.3.6 due
The WP-ClanWars plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.0.1 due to insufficient escaping on the user supplied parameter
The Outdoor plugin for WordPress is vulnerable to SQL Injection via the 'edit' action in all versions up to, and including, 1.3.2 due to insufficient escaping on the user supplied parameter and lack o
The Wp tabber widget plugin for WordPress is vulnerable to SQL Injection via the 'wp-tabber-widget' shortcode in all versions up to, and including, 4.0 due to insufficient escaping on the user supplie
The Beautiful taxonomy filters plugin for WordPress is vulnerable to SQL Injection via the 'selects[0][term]' parameter in all versions up to, and including, 2.4.3 due to insufficient escaping on the
The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter in all versions up to, and including, 2.4.8 due to insufficient escaping on the user supplied parameter
The Bookster – WordPress Appointment Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘raw’ parameter in all versions up to, and including, 2.1.1 due to insufficient escaping
WordPress Plugin Survey & Poll 1.5.7.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wp_sap coo
The WP Ticket plugin for WordPress is vulnerable to SQL Injection via the WordPress search query parameter (`s`) in versions up to, and including, 6.0.4 The plugin hooks WordPress's `posts_request` fi
The Library Management System – Manage e-Digital Books Library plugin for WordPress is vulnerable to SQL Injection via the ‘value' parameter of the owt_lib_handler AJAX action in all versions up to, a
The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 9.2.1. This is due to insufficient escaping on the user supplied param
The WPQuiz plugin for WordPress is vulnerable to SQL Injection via the 'id' attribute of the 'wpquiz' shortcode in all versions up to, and including, 0.4.2 due to insufficient escaping on the user sup
The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb->prefix value in several AJAX actions in all versions up to, and including, 1.4.8 due to insufficient escaping o
CVE-2024-9796
CRITICAL CVSS 9.8
Find Similar
The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks
The Quentn WP plugin for WordPress is vulnerable to SQL Injection via the 'qntn_wp_access' cookie in all versions up to, and including, 1.2.12. This is due to insufficient escaping on the user supplie
The ZIP Code Based Content Protection plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 1.0.2 via the 'zipcode' parameter. This is due to insufficient escaping
← Previous Page 5