Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

CVE-2023-32121: WordPress Zero Spam for WordPress plugin <= 5.4.4 - SQL Injection vulnerability - Patchstack

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Highfivery LLC Zero Spam for WordPress allows SQL Injection.This issue affects Zero Spam for WordPress: from n/a through 5.4.4.

CVE
Open in Source
#sql#vulnerability#wordpress
CVE-2023-25990: WordPress Tutor LMS plugin <= 2.1.10 - Multiple Tutor Instructor+ SQL Injection vulnerability - Patchstack

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.1.10.

CVE-2023-25800: WordPress Tutor LMS plugin <= 2.2.0 - Multiple Student+ SQL Injection vulnerability - Patchstack

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.2.0.

CVE-2023-25700: WordPress Tutor LMS plugin <= 2.1.10 - Unauthenticated SQL Injection vulnerability - Patchstack

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.1.10.

CVE-2023-34179: WordPress Groundhogg plugin <= 2.7.11 - SQL Injection vulnerability - Patchstack

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Groundhogg Inc. Groundhogg allows SQL Injection.This issue affects Groundhogg: from n/a through 2.7.11.

CVE-2023-36529: WordPress Houzez CRM plugin <= 1.3.4 - SQL Injection - Patchstack

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme allows SQL Injection.This issue affects Houzez - Real Estate WordPress Theme: from n/a through 1.3.4.

CVE-2022-46818: WordPress Email posts to subscribers plugin <= 6.2 - SQL Injection - Patchstack

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Gopi Ramasamy Email posts to subscribers allows SQL Injection.This issue affects Email posts to subscribers: from n/a through 6.2.

CVE-2023-5946: Digirisk 6.0.0.0 - Reflected Cross-Site Scripting — Wordfence Intelligence

The Digirisk plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'current_group_id' parameter in version 6.0.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVE-2022-45805: WordPress Paytm Payment Gateway plugin <= 2.7.3 - Auth. SQL Injection (SQLi) vulnerability - Patchstack

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Paytm Paytm Payment Gateway paytm-payments allows SQL Injection.This issue affects Paytm Payment Gateway: from n/a through 2.7.3.

CVE-2022-46808: WordPress ARMember <= 3.4.11 - SQL Injection (SQLi) - Patchstack

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute Infosystems ARMember armember-membership allows SQL Injection.This issue affects ARMember: from n/a through 3.4.11.