Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-9449 | 1 Efficientscripts | 1 Microblog Poster | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
The microblog-poster plugin before 1.6.2 for WordPress has SQL Injection via the wp-admin/options-general.php?page=microblogposter.php account_id parameter.
|
|||||
| CVE-2015-9448 | 1 Pressified | 1 Sendpress | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
The sendpress plugin before 1.2 for WordPress has SQL Injection via the wp-admin/admin.php?page=sp-queue listid parameter.
|
|||||
| CVE-2015-9446 | 1 Unitegallery | 1 Unite Gallery Lite | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
The unite-gallery-lite plugin before 1.5 for WordPress has SQL injection via data[galleryID] to wp-admin/admin-ajax.php.
|
|||||
| CVE-2015-9400 | 1 Typomedia | 1 Wordpress Meta Robots | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
The wordpress-meta-robots plugin through 2.1 for WordPress has wp-admin/post-new.php text SQL injection.
|
|||||
| CVE-2015-9399 | 1 Trivetechnology | 1 Wp-stats-dashboard | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/graph_trend.php type SQL injection.
|
|||||
| CVE-2015-9398 | 1 Webmaster-source | 1 Gocodes | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php gcid SQL injection.
|
|||||
| CVE-2015-9395 | 1 Usersultra | 1 Users Ultra Membership | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
The users-ultra plugin before 1.5.64 for WordPress has SQL Injection via an ajax action.
|
|||||
| CVE-2015-9353 | 1 Tri | 1 Gigpress | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
The gigpress plugin before 2.3.11 for WordPress has SQL injection in the admin area, a different vulnerability than CVE-2015-4066.
|
|||||
| CVE-2015-9352 | 1 Wp-polls Project | 1 Wp-polls | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The wp-polls plugin before 2.72 for WordPress has SQL injection.
|
|||||
| CVE-2015-9344 | 1 Perafox | 1 Link Log | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The link-log plugin before 2.1 for WordPress has SQL injection.
|
|||||
| CVE-2015-9335 | 1 Bestwebsoft | 1 Limit Attempts | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The limit-attempts plugin before 1.1.1 for WordPress has SQL injection during IP address handling.
|
|||||
| CVE-2015-9334 | 1 Email-newsletter Project | 1 Email-newsletter | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The email-newsletter plugin through 20.15 for WordPress has SQL injection.
|
|||||
| CVE-2015-9333 | 1 Cformsii Project | 1 Cformsii | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The cforms2 plugin before 14.6.10 for WordPress has SQL injection.
|
|||||
| CVE-2015-9330 | 1 Soflyy | 1 Wp All Import | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The wp-all-import plugin before 3.2.5 for WordPress has blind SQL injection.
|
|||||
| CVE-2015-9326 | 1 Wpbusinessintelligence | 1 Wp Business Intelligence | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The wp-business-intelligence-lite plugin before 1.6.3 for WordPress has SQL injection.
|
|||||
| CVE-2015-9325 | 1 Bestwebsoft | 1 Visitors Online | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The visitors-online plugin before 0.4 for WordPress has SQL injection.
|
|||||
| CVE-2015-9323 | 1 Duckdev | 1 404 To 301 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection.
|
|||||
| CVE-2015-9316 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The wp-fastest-cache plugin before 0.8.4.9 for WordPress has SQL injection in wp-admin/admin-ajax.php?action=wpfc_wppolls_ajax_request via the poll_id parameter.
|
|||||
| CVE-2015-9315 | 1 Newstatpress Project | 1 Newstatpress | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The newstatpress plugin before 1.0.1 for WordPress has SQL injection.
|
|||||
| CVE-2015-9313 | 1 Newstatpress Project | 1 Newstatpress | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The newstatpress plugin before 1.0.5 for WordPress has SQL injection related to an IMG element.
|
|||||
| CVE-2015-9310 | 1 Tipsandtricks-hq | 1 All In One Wp Security \& Firewall | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPress has multiple SQL injection issues.
|
|||||
| CVE-2015-9301 | 1 W3eden | 1 Live Forms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The liveforms plugin before 3.2.0 for WordPress has SQL injection.
|
|||||
| CVE-2015-9249 | 1 Skyboxsecurity | 1 Skybox Platform | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in Skybox Platform before 7.5.201. SQL Injection exists in /skyboxview/webservice/services/VersionWebService via a soapenv:Body element.
|
|||||
| CVE-2015-9244 | 1 Mysqljs | 1 Mysql | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection.
|
|||||
| CVE-2015-8298 | 1 Rxtec | 1 Rxadmin | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Multiple SQL injection vulnerabilities in the login page in RXTEC RXAdmin UPDATE 06 / 2012 allow remote attackers to execute arbitrary SQL commands via the (1) loginpassword, (2) loginusername, (3) zusatzlicher, or (4) groupid parameter to index.htm, or the (5) rxtec cookie to index.htm.
|
|||||
| CVE-2015-7567 | 1 Yeager | 1 Yeager Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary SQL commands via the "passwordreset&token" parameter.
|
|||||
| CVE-2015-7342 | 1 Joobi | 1 Jnews | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field.
|
|||||
| CVE-2015-7340 | 1 Gwesystems | 1 Jevents | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
JEvents Joomla Component before 3.4.0 RC6 has SQL Injection via evid in a Manage Events action.
|
|||||
| CVE-2015-7338 | 1 Acyba | 1 Acymailing | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
SQL Injection exists in AcyMailing Joomla Component before 4.9.5 via exportgeolocorder in a geolocation_longitude request to index.php.
|
|||||
| CVE-2015-5725 | 1 Codeigniter | 1 Codeigniter | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in the offset method in the Active Record class in CodeIgniter before 2.2.4 allows remote attackers to execute arbitrary SQL commands via vectors involving the offset variable.
|
|||||
| CVE-2015-5617 | 1 Enorth | 1 Webpublisher Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in pub/m_pending_news/delete_pending_news.jsp in Enorth Webpublisher CMS allows remote attackers to execute arbitrary SQL commands via the cbNewsId parameter.
|
|||||
| CVE-2015-5591 | 1 Zenphoto | 1 Zenphoto | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
SQL injection vulnerability in Zenphoto before 1.4.9 allow remote administrators to execute arbitrary SQL commands.
|
|||||
| CVE-2015-4633 | 1 Koha | 1 Koha | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Multiple SQL injection vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow (1) remote attackers to execute arbitrary SQL commands via the number parameter to opac-tags_subject.pl in the OPAC interface or (2) remote authenticated users to execute arbitrary SQL commands via the Filter or (3) Criteria parameter to reports/borrowers_out.pl in the Staff interface.
|
|||||
| CVE-2015-4615 | 1 Easy2map | 1 Easy2map-photos | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML,mapID variables
|
|||||
| CVE-2015-4043 | 1 Connx | 1 Esp Hr Management | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in ConnX ESP HR Management 4.4.0 allows remote attackers to execute arbitrary SQL commands via the ctl00$cphMainContent$txtUserName parameter to frmLogin.aspx.
|
|||||
| CVE-2015-3424 | 1 Accentis | 1 Content Resource Management System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerability in Accentis Content Resource Management System before the October 2015 patch allows remote attackers to execute arbitrary SQL commands via the SIDX parameter.
|
|||||
| CVE-2015-3423 | 1 Netcracker | 1 Resource Management System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Multiple SQL injection vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) ctrl, (2) h____%2427, (3) h____%2439, (4) param0, (5) param1, (6) param2, (7) param3, (8) param4, (9) filter_INSERT_COUNT, (10) filter_MINOR_FALLOUT, (11) filter_UPDATE_COUNT, (12) sort, or (13) sessid parameter.
|
|||||
| CVE-2015-2062 | 2 Huge-it, Microsoft | 2 Huge-it Slider, Windows | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
Multiple SQL injection vulnerabilities in the Huge-IT Slider (slider-image) plugin before 2.7.0 for WordPress allow remote administrators to execute arbitrary SQL commands via the removeslide parameter in a popup_posts or edit_cat action in the sliders_huge_it_slider page to wp-admin/admin.php.
|
|||||
| CVE-2015-10126 | 1 Steven Ellis | 1 Easy2map Photos | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability classified as critical was found in Easy2Map Photos Plugin 1.0.1 on WordPress. This vulnerability affects unknown code. The manipulation leads to sql injection. The attack can be initiated remotely. Upgrading to version 1.1.0 is able to address this issue. The patch is identified as 503d9ee2482d27c065f78d9546f076a406189908. It is recommended to upgrade the affected component. VDB-241318 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2015-10124 | 1 Smartfan | 1 Most Popular Posts Widget | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in Most Popular Posts Widget Plugin up to 0.8 on WordPress. It has been classified as critical. Affected is the function add_views/show_views of the file functions.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. Upgrading to version 0.9 is able to address this issue. The patch is identified as a99667d11ac8d320006909387b100e9a8b5c12e1. It is recommended to upgrade the affected component. VDB-241026 is the identifier assigned to ...
Show More |
|||||