ReportizFlow
Filtered by vendor
Subscriptions
Total
17328 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1472 | 1 Codesolz | 1 Better Find And Replace | 2024-11-21 | 7.2 High |
| The Better Find and Replace WordPress plugin before 1.3.6 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection | ||||
| CVE-2022-1429 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 7.5 High |
| SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. This vulnerability is capable of steal the data | ||||
| CVE-2022-1339 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 7.5 High |
| SQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data | ||||
| CVE-2022-1281 | 1 10web | 1 Photo Gallery | 2024-11-21 | 9.8 Critical |
| The Photo Gallery WordPress plugin through 1.6.3 does not properly escape the $_POST['filter_tag'] parameter, which is appended to an SQL query, making SQL Injection attacks possible. | ||||
| CVE-2022-1277 | 1 Inavitas | 1 Solar Log | 2024-11-21 | 9.4 Critical |
| Inavitas Solar Log product has an unauthenticated SQL Injection vulnerability. | ||||
| CVE-2022-1258 | 1 Mcafee | 1 Agent | 2024-11-21 | 8.4 High |
| A blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) extension of MA prior to 5.7.6 can be exploited by an authenticated administrator on ePO to perform arbitrary SQL queries in the back-end database, potentially leading to command execution on the server. | ||||
| CVE-2022-1219 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 7.5 High |
| SQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data | ||||
| CVE-2022-1182 | 1 Visual Slide Box Builder Project | 1 Visual Slide Box Builder | 2024-11-21 | 8.8 High |
| The Visual Slide Box Builder WordPress plugin through 3.2.9 does not sanitise and escape various parameters before using them in SQL statements via some of its AJAX actions available to any authenticated users (such as subscriber), leading to SQL Injections | ||||
| CVE-2022-1123 | 1 Mapsmarker | 1 Leaflet Maps Marker | 2024-11-21 | 7.2 High |
| The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) WordPress plugin before 3.12.5 does not properly sanitize some parameters before inserting them into SQL queries. As a result, high privilege users could perform SQL injection attacks. | ||||
| CVE-2022-1064 | 1 Fork-cms | 1 Fork Cms | 2024-11-21 | 8.8 High |
| SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1. | ||||
| CVE-2022-1057 | 1 Varktech | 1 Pricing Deals For Woocommerce | 2024-11-21 | 9.8 Critical |
| The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection | ||||
| CVE-2022-1023 | 1 Secondlinethemes | 1 Podcast Importer Secondline | 2024-11-21 | 7.2 High |
| The Podcast Importer SecondLine WordPress plugin before 1.3.8 does not sanitise and properly escape some imported data, which could allow SQL injection attacks to be performed by imported a malicious podcast file | ||||
| CVE-2022-1014 | 1 Labarta | 1 Wp Contacts Manager | 2024-11-21 | 9.8 Critical |
| The WP Contacts Manager WordPress plugin through 2.2.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to an SQL injection vulnerability. | ||||
| CVE-2022-1013 | 1 Ays-pro | 1 Personal Dictionary | 2024-11-21 | 9.8 Critical |
| The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerability. | ||||
| CVE-2022-1006 | 1 Elbtide | 1 Advanced Booking Calendar | 2024-11-21 | 7.2 High |
| The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks | ||||
| CVE-2022-0983 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | 8.8 High |
| An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default. | ||||
| CVE-2022-0949 | 1 Stopbadbots | 1 Block And Stop Bad Bots | 2024-11-21 | 9.8 Critical |
| The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 6.930 does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users, leading to a SQL injection | ||||
| CVE-2022-0948 | 1 Pluginbazaar | 1 Order Listener For Woocommerce | 2024-11-21 | 9.8 Critical |
| The Order Listener for WooCommerce WordPress plugin before 3.2.2 does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users, leading to an SQL injection | ||||
| CVE-2022-0887 | 1 Cybernetikz | 1 Easy Social Icons | 2024-11-21 | 7.2 High |
| The Easy Social Icons WordPress plugin before 3.1.4 does not sanitize the selected_icons attribute to the cnss_widget before using it in an SQL statement, leading to a SQL injection vulnerability. | ||||
| CVE-2022-0867 | 1 Reputeinfosystems | 1 Pricing Table | 2024-11-21 | 9.8 Critical |
| The Pricing Table WordPress plugin before 3.6.1 fails to properly sanitize and escape user supplied POST data before it is being interpolated in an SQL statement and then executed via an AJAX action available to unauthenticated users | ||||