Total
9311 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-4370 | 1 Multimedial Images Project | 1 Multimedial Images | 2023-01-09 | N/A | 7.2 HIGH |
The multimedial images WordPress plugin through 1.0b does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin. | |||||
CVE-2022-4372 | 1 Web Invoice Project | 1 Web Invoice | 2023-01-09 | N/A | 7.2 HIGH |
The Web Invoice WordPress plugin through 2.1.3 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection exploitable by high privilege users such as admin by default. However, depending on the plugin configuration, other users, such as subscriber, could exploit this as well. | |||||
CVE-2022-4373 | 1 Quote-o-matic Project | 1 Quote-o-matic | 2023-01-09 | N/A | 7.2 HIGH |
The Quote-O-Matic WordPress plugin through 1.0.5 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | |||||
CVE-2022-4358 | 1 Wp Rss By Publishers Project | 1 Wp Rss By Publishers | 2023-01-09 | N/A | 7.2 HIGH |
The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | |||||
CVE-2022-4360 | 1 Wp Rss By Publishers Project | 1 Wp Rss By Publishers | 2023-01-09 | N/A | 7.2 HIGH |
The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | |||||
CVE-2022-4359 | 1 Wp Rss By Publishers Project | 1 Wp Rss By Publishers | 2023-01-09 | N/A | 7.2 HIGH |
The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | |||||
CVE-2022-4297 | 1 Netflixtech | 1 Wp Autocomplete Search | 2023-01-09 | N/A | 9.8 CRITICAL |
The WP AutoComplete Search WordPress plugin through 1.0.4 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection. | |||||
CVE-2014-125037 | 1 License To Kill Project | 1 License To Kill | 2023-01-09 | N/A | 9.8 CRITICAL |
A vulnerability, which was classified as critical, was found in License to Kill. This affects an unknown part of the file models/injury.rb. The manipulation of the argument name leads to sql injection. The name of the patch is cd11cf174f361c98e9b1b4c281aa7b77f46b5078. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217191. | |||||
CVE-2014-125038 | 1 Is Projecto2 Project | 1 Is Projecto2 | 2023-01-09 | N/A | 9.8 CRITICAL |
A vulnerability has been found in IS_Projecto2 and classified as critical. This vulnerability affects unknown code of the file Cnn-EJB/ejbModule/ejbs/NewsBean.java. The manipulation of the argument date leads to sql injection. The name of the patch is aa128b2c9c9fdcbbf5ecd82c1e92103573017fe0. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217192. | |||||
CVE-2022-3860 | 1 Smackcoders | 1 Visual Email Designer For Woocommerce | 2023-01-09 | N/A | 8.8 HIGH |
The Visual Email Designer for WooCommerce WordPress plugin before 1.7.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author. | |||||
CVE-2022-3241 | 1 Rahamsolutions | 1 Build App Online | 2023-01-09 | N/A | 9.8 CRITICAL |
The Build App Online WordPress plugin before 1.0.19 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. | |||||
CVE-2022-4099 | 1 Getcloudsms | 1 Joy Of Text Lite | 2023-01-09 | N/A | 9.8 CRITICAL |
The Joy Of Text Lite WordPress plugin before 2.3.1 does not properly sanitise and escape some parameters before using them in SQL statements accessible to unauthenticated users, leading to unauthenticated SQL injection. | |||||
CVE-2022-4855 | 1 Lead Management System Project | 1 Lead Management System | 2023-01-09 | N/A | 9.8 CRITICAL |
A vulnerability, which was classified as critical, was found in SourceCodester Lead Management System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-217020. | |||||
CVE-2022-4049 | 1 Wp User Project | 1 Wp User | 2023-01-09 | N/A | 9.8 CRITICAL |
The WP User WordPress plugin through 7.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. | |||||
CVE-2022-4059 | 1 Blocksera | 1 Cryptocurrency Widgets Pack | 2023-01-09 | N/A | 9.8 CRITICAL |
The Cryptocurrency Widgets Pack WordPress plugin through 1.8.1 does not sanitise and escape some parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. | |||||
CVE-2015-10008 | 1 Weipdcrm Project | 1 Weipdcrm | 2023-01-09 | N/A | 9.8 CRITICAL |
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 82Flex WEIPDCRM. It has been classified as critical. This affects an unknown part. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The name of the patch is 43bad79392332fa39e31b95268e76fbda9fec3a4. It is recommended to apply a patch to fix this issue. The identifier VDB-217185 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2021-4298 | 1 Nd | 1 Sipity | 2023-01-09 | N/A | 9.8 CRITICAL |
A vulnerability classified as critical has been found in Hesburgh Libraries of Notre Dame Sipity. This affects the function SearchCriteriaForWorksParameter of the file app/parameters/sipity/parameters/search_criteria_for_works_parameter.rb. The manipulation leads to sql injection. Upgrading to version 2021.8 is able to address this issue. The name of the patch is d1704c7363b899ffce65be03a796a0ee5fdbfbdc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217179. | |||||
CVE-2014-125032 | 1 Go-with-me Project | 1 Go-with-me | 2023-01-09 | N/A | 9.8 CRITICAL |
A vulnerability was found in porpeeranut go-with-me. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file module/frontend/add.php. The manipulation leads to sql injection. The name of the patch is b92451e4f9e85e26cf493c95ea0a69e354c35df9. It is recommended to apply a patch to fix this issue. The identifier VDB-217177 was assigned to this vulnerability. | |||||
CVE-2022-34324 | 1 Sage | 1 Sage Xrt Business Exchange | 2023-01-09 | N/A | 8.8 HIGH |
Multiple SQL injections in Sage XRT Business Exchange 12.4.302 allow an authenticated attacker to inject malicious data in SQL queries: Add Currencies, Payment Order, and Transfer History. | |||||
CVE-2022-4860 | 1 Kbase | 1 Metrics | 2023-01-06 | N/A | 9.8 CRITICAL |
A vulnerability was found in KBase Metrics. It has been classified as critical. This affects the function upload_user_data of the file source/daily_cron_jobs/methods_upload_user_stats.py. The manipulation leads to sql injection. The name of the patch is 959dfb6b05991e30b0fa972a1ecdcaae8e1dae6d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217059. |