Total: 15256 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2022-0478 | 1 Mage-people | 1 Event Manager And Tickets Selling For Woocommerce | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | The Event Manager and Tickets Selling for WooCommerce WordPress plugin before 3.5.8 does not validate and escape the post_author_gutenberg parameter before using it in a SQL statement when creating/editing events, which could allow users with a role as low as contributor to perform SQL injection attacks.
CVE-2022-0439 | 1 Icegram | 1 Email Subscribers & Newsletters | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the `order` and `orderby` parameters to the `ajax_fetch_report_list` action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protection in place for the action, allowing an attacker to trick any logged-in user into performing the action by clicking a link.
CVE-2022-0434 | 1 A3rev | 1 Page View Count | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The Page View Count WordPress plugin before 2.4.15 does not sanitise and escape the post_ids parameter before using it in a SQL statement via a REST endpoint, available to both unauthenticated and authenticated users. As a result, unauthenticated attackers could perform SQL injection attacks.
CVE-2022-0420 | 1 Metagauss | 1 Registrationmagic | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH | The RegistrationMagic WordPress plugin before 5.0.2.2 does not sanitise and escape the rm_form_id parameter before using it in a SQL statement in the Automation admin dashboard, allowing high privilege users to perform SQL injection attacks.
CVE-2022-0412 | 1 Templateinvaders | 1 Ti Woocommerce Wishlist | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The TI WooCommerce Wishlist WordPress plugin before 1.40.1 and the TI WooCommerce Wishlist Pro WordPress plugin before 1.40.1 do not sanitise and escape the item_id parameter before using it in a SQL statement via the wishlist/remove_product REST endpoint, allowing unauthenticated attackers to perform SQL injection attacks.
CVE-2022-0411 | 1 Asgaros | 1 Asgaros Forum | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and escape the post_id parameter before using it in a SQL statement via a REST route of the plugin (accessible to any authenticated user), leading to a SQL injection.
CVE-2022-0410 | 1 Wp Visitor Statistics Project | 1 Wp Visitor Statistics | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.6 does not sanitise and escape the id parameter before using it in a SQL statement via the refUrlDetails AJAX action, available to any authenticated user, leading to a SQL injection.
CVE-2022-0386 | 1 Sophos | 1 Unified Threat Management | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710.
CVE-2022-0383 | 1 Ljapps | 1 Wp Review Slider | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH | The WP Review Slider WordPress plugin before 11.0 does not sanitise and escape the pid parameter when copying a Twitter source, which could allow high privilege users to perform SQL injection attacks.
CVE-2022-0366 | 1 Capsule8 | 1 Capsule8 | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | An authenticated and authorized agent user could potentially gain administrative access via an SQLi vulnerability to Capsule8 Console between versions 4.6.0 and 4.9.1.
CVE-2022-0362 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection in Packagist showdoc/showdoc prior to 2.10.3.
CVE-2022-0349 | 1 Wpdeveloper | 1 Notificationx | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nx_id parameter before using it in a SQL statement, leading to an unauthenticated blind SQL injection.
CVE-2022-0332 | 1 Moodle | 1 Moodle | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data.
CVE-2022-0267 | 1 Adrotate Project | 1 Adrotate | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH | The AdRotate WordPress plugin before 5.8.22 does not sanitise and escape the adrotate_action parameter before using it in a SQL statement via the adrotate_request_action function available to admins, leading to a SQL injection.
CVE-2022-0258 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command.
CVE-2022-0255 | 1 Deliciousbrains | 1 Database Backup | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH | The Database Backup for WordPress plugin before 2.5.1 does not properly sanitise and escape the fragment parameter before using it in a SQL statement in the admin dashboard, leading to a SQL injection issue.
CVE-2022-0254 | 1 Highfivery | 1 Zero-spam | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The WordPress Zero Spam WordPress plugin before 5.2.11 does not properly sanitise and escape the order and orderby parameters before using them in a SQL statement in the admin dashboard, leading to a SQL injection.
CVE-2022-0228 | 1 Sygnoos | 1 Popup Builder | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH | The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby and order parameters before using them in a SQL statement in the admin dashboard, which could allow high privilege users to perform SQL injection.
CVE-2022-0224 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command.
CVE-2022-0190 | 1 Acnam | 1 Ad Invalid Click Protector | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.6 is affected by a SQL injection in the id parameter of the delete action.