Total: 15257 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2022-0783 | 1 Themehigh | 1 Multiple Shipping Addresses For Woocommerce | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The Multiple Shipping Address Woocommerce WordPress plugin before 2.0 does not properly sanitise and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injections |
CVE-2022-0782 | 1 Donations Project | 1 Donations | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The Donations WordPress plugin through 1.8 does not sanitise and escape the nd_donations_id parameter before using it in a SQL statement via the nd_donations_single_cause_form_validate_fields_php_function AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection |
CVE-2022-0781 | 1 Nirweb | 1 Nirweb Support | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The Nirweb support WordPress plugin before 2.8.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action (available to unauthenticated users), leading to an SQL injection |
CVE-2022-0773 | 1 Documentor Project | 1 Documentor | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The Documentor WordPress plugin through 1.5.3 fails to sanitize and escape user input before it is being interpolated in an SQL statement and then executed, leading to an SQL Injection exploitable by unauthenticated users. |
CVE-2022-0771 | 1 Marketingheroes | 1 Sitesupercharger | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The SiteSuperCharger WordPress plugin before 5.2.0 does not validate, sanitise and escape various user inputs before using them in SQL statements via AJAX actions (available to both unauthenticated and authenticated users), leading to Unauthenticated SQL Injections |
CVE-2022-0769 | 1 Usersultra | 1 Users Ultra | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the data_target parameter before it is being interpolated in an SQL statement and then executed via the rating_vote AJAX action (available to both unauthenticated and authenticated users), leading to an SQL Injection. |
CVE-2022-0760 | 1 Quantumcloud | 1 Simple Link Directory | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection |
CVE-2022-0757 | 1 Rapid7 | 1 Nexpose | 2024-11-21 | 6.5 MEDIUM | 5.5 MEDIUM | Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow a logged-in, authenticated attacker to manipulate the "ANY" and "OR" operators in the SearchCriteria and inject SQL code. This issue was fixed in Rapid7 Nexpose version 6.6.129. |
CVE-2022-0754 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | SQL Injection in GitHub repository salesagility/suitecrm prior to 7.12.5. |
CVE-2022-0747 | 1 Quantumcloud | 1 Infographic Maker | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the post_id parameter before using it in a SQL statement via the qcld_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection |
CVE-2022-0739 | 1 Reputeinfosystems | 1 Bookingpress | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpress_front_get_category_services AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection |
CVE-2022-0694 | 1 Elbtide | 1 Advanced Booking Calendar | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The Advanced Booking Calendar WordPress plugin before 1.7.0 does not validate and escape the calendar parameter before using it in a SQL statement via the abc_booking_getSingleCalendar AJAX action (available to both unauthenticated and authenticated users), leading to an unauthenticated SQL injection |
CVE-2022-0693 | 1 Devbunch | 1 Master Elements | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The Master Elements WordPress plugin through 8.0 does not validate and escape the meta_ids parameter of its remove_post_meta_condition AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL Injection |
CVE-2022-0658 | 1 Wielebenwir | 1 Commonsbooking | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The CommonsBooking WordPress plugin before 2.6.8 does not sanitise and escape the location parameter of the calendar_data AJAX action (available to unauthenticated users) before it is used in dynamically constructed SQL queries, leading to an unauthenticated SQL injection |
CVE-2022-0657 | 1 5 Stars Rating Funnel Project | 1 5 Stars Rating Funnel | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The 5 Stars Rating Funnel WordPress Plugin \| RRatingg WordPress plugin before 1.2.54 does not properly sanitise, validate and escape lead ids before using them in a SQL statement via the rrtngg_delete_leads AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue. There is an attempt to sanitise the input, using sanitize_text_field(), however such function is not intended to prevent SQL injections. |
CVE-2022-0651 | 1 Veronalabs | 1 Wp Statistics | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_type parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5. |
CVE-2022-0592 | 1 Mapsvg | 1 Mapsvg | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The MapSVG WordPress plugin before 6.2.20 does not validate and escape a parameter via a REST endpoint before using it in a SQL statement, leading to a SQL Injection exploitable by unauthenticated users. |
CVE-2022-0513 | 1 Veronalabs | 1 Wp Statistics | 2024-11-21 | 4.3 MEDIUM | 9.8 CRITICAL | The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the exclusion_reason parameter found in the ~/includes/class-wp-statistics-exclusion.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.4. This requires the "Record Exclusions" option to be enabled on the vulnerable site. |
CVE-2022-0507 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 6.5 MEDIUM | 5.8 MEDIUM | Found a potential security vulnerability inside the Pandora API. Affected Pandora FMS version range: all versions of NG version, up to OUM 759. This vulnerability could allow an attacker with an authenticated IP to inject SQL. |
CVE-2022-0495 | 1 Parantezteknoloji | 1 Koha Library Automation | 2024-11-21 | N/A | 9.4 CRITICAL | The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01. |