Vulmon
wordpress wordpress vulnerabilities and exploits
7.5
CVSSv2
CVE-2022-1013
The Personal Dictionary WordPress plugin prior to 1.3.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerability.
Ays-pro Personal Dictionary
7.5
CVSSv2
CVE-2022-0814
The Ubigeo de Perú para Woocommerce WordPress plugin prior to 3.6.4 does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections.
Ubigeo De Peru Para Woocommerce Project Ubigeo De Peru Para Woocommerce
7.5
CVSSv2
CVE-2022-0817
The BadgeOS WordPress plugin up to and including 3.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users.
Badgeos Badgeos
7.5
CVSSv2
CVE-2022-0826
The WP Video Gallery WordPress plugin up to and including 1.7.1 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users.
Wp-video-gallery-free Project Wp-video-gallery-free
7.5
CVSSv2
CVE-2022-0836
The SEMA API WordPress plugin prior to 4.02 does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by unauthenticated users.
Semadatacoop Sema Api
7.5
CVSSv2
CVE-2022-29423
Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress.
Edmonsoft Countdown Builder
7.5
CVSSv2
CVE-2022-0771
The SiteSuperCharger WordPress plugin prior to 5.2.0 does not validate, sanitise and escape various user inputs before using them in SQL statements via AJAX actions (available to both unauthenticated and authenticated users), leading to Unauthenticated SQL Injections.
Marketingheroes Sitesupercharger
7.5
CVSSv2
CVE-2022-0773
The Documentor WordPress plugin up to and including 1.5.3 fails to sanitize and escape user input before it is being interpolated in an SQL statement and then executed, leading to an SQL Injection exploitable by unauthenticated users.
Documentor Project Documentor
7.5
CVSSv2
CVE-2022-0783
The Multiple Shipping Address Woocommerce WordPress plugin prior to 2.0 does not properly sanitise and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injections.
Themehigh Multiple Shipping Addresses For Woocommerce
7.5
CVSSv2
CVE-2022-1281
The Photo Gallery WordPress plugin up to and including 1.6.3 does not properly escape the $_POST['filter_tag'] parameter, which is appended to an SQL query, making SQL Injection attacks possible.
10web Photo Gallery