Total: 17328 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0846 | 1 Speakout\! Email Petitions Project | 1 Speakout\! Email Petitions | 2024-11-21 | 9.8 Critical |
| The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the id parameter before using it in a SQL statement via the dk_speakout_sendmail AJAX action, leading to an SQL Injection exploitable by unauthenticated users | ||||
| CVE-2022-0842 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | 5.4 Medium |
| A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO database. The data obtained is dependent on the privileges the attacker has and to obtain sensitive data the attacker would require administrator privileges. | ||||
| CVE-2022-0836 | 1 Semadatacoop | 1 Sema Api | 2024-11-21 | 9.8 Critical |
| The SEMA API WordPress plugin before 4.02 does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by unauthenticated users | ||||
| CVE-2022-0827 | 1 Presspage | 1 Bestbooks | 2024-11-21 | 9.8 Critical |
| The Bestbooks WordPress plugin through 2.6.3 does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users | ||||
| CVE-2022-0826 | 1 Wp-video-gallery-free Project | 1 Wp-video-gallery-free | 2024-11-21 | 9.8 Critical |
| The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users | ||||
| CVE-2022-0817 | 1 Badgeos | 1 Badgeos | 2024-11-21 | 9.8 Critical |
| The BadgeOS WordPress plugin through 3.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users | ||||
| CVE-2022-0814 | 1 Ubigeo De Peru Para Woocommerce Project | 1 Ubigeo De Peru Para Woocommerce | 2024-11-21 | 9.8 Critical |
| The Ubigeo de Perú para Woocommerce WordPress plugin before 3.6.4 does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections | ||||
| CVE-2022-0787 | 1 Limit Login Attempts Project | 1 Limit Login Attempts | 2024-11-21 | 9.8 Critical |
| The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions (available to unauthenticated users), leading to SQL Injections | ||||
| CVE-2022-0786 | 1 Iqonic | 1 Kivicare | 2024-11-21 | 9.8 Critical |
| The KiviCare WordPress plugin before 2.3.9 does not sanitise and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route, leading to SQL Injections exploitable by unauthenticated users | ||||
| CVE-2022-0785 | 1 Daily Prayer Time Project | 1 Daily Prayer Time | 2024-11-21 | 9.8 Critical |
| The Daily Prayer Time WordPress plugin before 2022.03.01 does not sanitise and escape the month parameter before using it in a SQL statement via the get_monthly_timetable AJAX action (available to unauthenticated users), leading to an unauthenticated SQL injection | ||||
| CVE-2022-0784 | 1 Title Experiments Free Project | 1 Title Experiments Free | 2024-11-21 | 9.8 Critical |
| The Title Experiments Free WordPress plugin before 9.0.1 does not sanitise and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action (available to unauthenticated users), leading to an unauthenticated SQL injection | ||||
| CVE-2022-0783 | 1 Themehigh | 1 Multiple Shipping Addresses For Woocommerce | 2024-11-21 | 9.8 Critical |
| The Multiple Shipping Address Woocommerce WordPress plugin before 2.0 does not properly sanitise and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injections | ||||
| CVE-2022-0782 | 1 Donations Project | 1 Donations | 2024-11-21 | 9.8 Critical |
| The Donations WordPress plugin through 1.8 does not sanitise and escape the nd_donations_id parameter before using it in a SQL statement via the nd_donations_single_cause_form_validate_fields_php_function AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection | ||||
| CVE-2022-0781 | 1 Nirweb | 1 Nirweb Support | 2024-11-21 | 9.8 Critical |
| The Nirweb support WordPress plugin before 2.8.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action (available to unauthenticated users), leading to an SQL injection | ||||
| CVE-2022-0773 | 1 Documentor Project | 1 Documentor | 2024-11-21 | 9.8 Critical |
| The Documentor WordPress plugin through 1.5.3 fails to sanitize and escape user input before it is being interpolated in an SQL statement and then executed, leading to an SQL Injection exploitable by unauthenticated users. | ||||
| CVE-2022-0771 | 1 Marketingheroes | 1 Sitesupercharger | 2024-11-21 | 9.8 Critical |
| The SiteSuperCharger WordPress plugin before 5.2.0 does not validate, sanitise and escape various user inputs before using them in SQL statements via AJAX actions (available to both unauthenticated and authenticated users), leading to Unauthenticated SQL Injections | ||||
| CVE-2022-0769 | 1 Usersultra | 1 Users Ultra | 2024-11-21 | 9.8 Critical |
| The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the data_target parameter before it is being interpolated in an SQL statement and then executed via the rating_vote AJAX action (available to both unauthenticated and authenticated users), leading to an SQL Injection. | ||||
| CVE-2022-0760 | 1 Quantumcloud | 1 Simple Link Directory | 2024-11-21 | 9.8 Critical |
| The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection | ||||
| CVE-2022-0757 | 1 Rapid7 | 1 Nexpose | 2024-11-21 | 5.5 Medium |
| Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow a logged-in, authenticated attacker to manipulate the "ANY" and "OR" operators in the SearchCriteria and inject SQL code. This issue was fixed in Rapid7 Nexpose version 6.6.129. | ||||
| CVE-2022-0754 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 6.5 Medium |
| SQL Injection in GitHub repository salesagility/suitecrm prior to 7.12.5. | ||||