Total
14524 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-0949 | 1 Stopbadbots | 1 Block And Stop Bad Bots | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 6.930 does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users, leading to a SQL injection | |||||
CVE-2022-0948 | 1 Pluginbazaar | 1 Order Listener For Woocommerce | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The Order Listener for WooCommerce WordPress plugin before 3.2.2 does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users, leading to an SQL injection | |||||
CVE-2022-0923 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialog_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | |||||
CVE-2022-0887 | 1 Cybernetikz | 1 Easy Social Icons | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
The Easy Social Icons WordPress plugin before 3.1.4 does not sanitize the selected_icons attribute to the cnss_widget before using it in an SQL statement, leading to a SQL injection vulnerability. | |||||
CVE-2022-0867 | 1 Reputeinfosystems | 1 Pricing Table | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The Pricing Table WordPress plugin before 3.6.1 fails to properly sanitize and escape user supplied POST data before it is being interpolated in an SQL statement and then executed via an AJAX action available to unauthenticated users | |||||
CVE-2022-0846 | 1 Speakout! Email Petitions Project | 1 Speakout! Email Petitions | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the id parameter before using it in a SQL statement via the dk_speakout_sendmail AJAX action, leading to an SQL Injection exploitable by unauthenticated users | |||||
CVE-2022-0842 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | 4.0 MEDIUM | 5.4 MEDIUM |
A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO database. The data obtained is dependent on the privileges the attacker has and to obtain sensitive data the attacker would require administrator privileges. | |||||
CVE-2022-0836 | 1 Semadatacoop | 1 Sema Api | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The SEMA API WordPress plugin before 4.02 does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by unauthenticated users | |||||
CVE-2022-0827 | 1 Presspage | 1 Bestbooks | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The Bestbooks WordPress plugin through 2.6.3 does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users | |||||
CVE-2022-0826 | 1 Wp-video-gallery-free Project | 1 Wp-video-gallery-free | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users | |||||
CVE-2022-0817 | 1 Badgeos | 1 Badgeos | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The BadgeOS WordPress plugin through 3.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users | |||||
CVE-2022-0814 | 1 Ubigeo De Peru Para Woocommerce Project | 1 Ubigeo De Peru Para Woocommerce | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The Ubigeo de Perú para Woocommerce WordPress plugin before 3.6.4 does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections | |||||
CVE-2022-0787 | 1 Limit Login Attempts Project | 1 Limit Login Attempts | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions (available to unauthenticated users), leading to SQL Injections | |||||
CVE-2022-0786 | 1 Iqonic | 1 Kivicare | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The KiviCare WordPress plugin before 2.3.9 does not sanitise and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route, leading to SQL Injections exploitable by unauthenticated users | |||||
CVE-2022-0785 | 1 Daily Prayer Time Project | 1 Daily Prayer Time | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The Daily Prayer Time WordPress plugin before 2022.03.01 does not sanitise and escape the month parameter before using it in a SQL statement via the get_monthly_timetable AJAX action (available to unauthenticated users), leading to an unauthenticated SQL injection | |||||
CVE-2022-0784 | 1 Title Experiments Free Project | 1 Title Experiments Free | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The Title Experiments Free WordPress plugin before 9.0.1 does not sanitise and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action (available to unauthenticated users), leading to an unauthenticated SQL injection | |||||
CVE-2022-0783 | 1 Themehigh | 1 Multiple Shipping Addresses For Woocommerce | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The Multiple Shipping Address Woocommerce WordPress plugin before 2.0 does not properly sanitise and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injections | |||||
CVE-2022-0782 | 1 Donations Project | 1 Donations | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The Donations WordPress plugin through 1.8 does not sanitise and escape the nd_donations_id parameter before using it in a SQL statement via the nd_donations_single_cause_form_validate_fields_php_function AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection | |||||
CVE-2022-0781 | 1 Nirweb | 1 Nirweb Support | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The Nirweb support WordPress plugin before 2.8.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action (available to unauthenticated users), leading to an SQL injection | |||||
CVE-2022-0773 | 1 Documentor Project | 1 Documentor | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The Documentor WordPress plugin through 1.5.3 fails to sanitize and escape user input before it is being interpolated in an SQL statement and then executed, leading to an SQL Injection exploitable by unauthenticated users. |