Total: 11593 CVE
| CVE | Vendors (count, name) | Products (count, name) | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-35879 | 1 Woo | 1 Product Vendors | 2023-11-08 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce Product Vendors allows SQL Injection. This issue affects Product Vendors: from n/a through 2.1.78. | |||||
| CVE-2023-33927 | 1 Themeisle | 1 Multiple Page Generator | 2023-11-08 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Multiple Page Generator Plugin – MPG (multiple-pages-generator-by-porthas) allows SQL Injection. This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.3.19. | |||||
| CVE-2023-31212 | 1 Crmperks | 1 Database For Contact Form 7, Wpforms, Elementor Forms | 2023-11-08 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks Database for Contact Form 7, WPforms, Elementor forms (contact-form-entries) allows SQL Injection. This issue affects Database for Contact Form 7, WPforms, Elementor forms: from n/a through 1.3.0. | |||||
| CVE-2023-24410 | 1 Fluentforms | 1 Contact Form | 2023-11-08 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPManageNinja LLC Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms (fluentform) allows SQL Injection. This issue affects Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms: from n/a through 4.3.25. | |||||
| CVE-2023-36263 | 1 Prestashop | 1 Opartlimitquantity | 2023-11-08 | N/A | 9.8 CRITICAL |
| PrestaShop module opartlimitquantity 1.4.5 and before is vulnerable to SQL injection. `OpartlimitquantityAlertlimitModuleFrontController::displayAjaxPushAlertMessage()` contains sensitive SQL calls that can be reached with a trivial HTTP request and exploited for SQL injection. | |||||
| CVE-2023-44480 | 1 Projectworlds | 1 Leave Management System | 2023-11-08 | N/A | 8.8 HIGH |
| Leave Management System Project v1.0 is vulnerable to multiple authenticated SQL injection vulnerabilities. The 'setcasualleave' parameter of the admin/setleaves.php resource does not validate the characters received, and they are sent unfiltered to the database. | |||||
| CVE-2023-46356 | 1 Blmodules | 1 Csv Feeds Pro | 2023-11-08 | N/A | 9.8 CRITICAL |
| In the module "CSV Feeds PRO" (csvfeeds) before 2.6.1 from Bl Modules for PrestaShop, a guest can perform SQL injection. The method `SearchApiCsv::getProducts()` contains a sensitive SQL call that can be reached with a trivial HTTP request and exploited for SQL injection. | |||||
| CVE-2023-45996 | 1 Slims | 2 Senayan Library Management System, Senayan Library Management System Bulian | 2023-11-08 | N/A | 8.8 HIGH |
| SQL injection vulnerability in Senayan Library Management System (SLiMS) v9 and Bulian v9.6.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted payload in the reborrowLimit parameter of member_type.php. | |||||
| CVE-2023-45378 | 1 Hdclic | 1 Prestablog | 2023-11-08 | N/A | 9.8 CRITICAL |
| In the module "PrestaBlog" (prestablog) version 4.4.7 and before from HDclic for PrestaShop, a guest can perform SQL injection. The AJAX script slider_positions.php contains a sensitive SQL call that can be reached with a trivial HTTP request and exploited for SQL injection. | |||||
| CVE-2023-27846 | 1 Themevolty | 1 Theme Volty Cms Blog | 2023-11-08 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in PrestaShop Theme Volty v4.0.8 and before allows a remote attacker to gain privileges via the tvcmsblog, tvcmsvideotab, tvcmswishlist, tvcmsbrandlist, tvcmscategorychainslider, tvcmscategoryproduct, tvcmscategoryslider, tvcmspaymenticon and tvcmstestimonial components. | |||||
| CVE-2023-24000 | 1 Gamipress | 1 Gamipress | 2023-11-08 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GamiPress (gamipress) allows SQL Injection. This issue affects GamiPress: from n/a through 2.5.7. | |||||
| CVE-2023-25045 | 1 Carrcommunications | 1 Rsvpmaker | 2023-11-08 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker allows SQL Injection. This issue affects RSVPMaker: from n/a through 9.9.3. | |||||
| CVE-2023-25047 | 1 Carrcommunications | 1 Rsvpmaker | 2023-11-08 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker (rsvpmaker) allows SQL Injection. This issue affects RSVPMaker: from n/a through 9.9.3. | |||||
| CVE-2023-28777 | 1 Learndash | 1 Learndash | 2023-11-08 | N/A | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LearnDash LMS allows SQL Injection. This issue affects LearnDash LMS: from n/a through 4.5.3. | |||||
| CVE-2023-5252 | 1 Fareharbor | 1 Fareharbor | 2023-11-08 | N/A | 5.4 MEDIUM |
| The FareHarbor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2023-5315 | 1 Matthewschwartz | 1 Google Maps Made Simple | 2023-11-08 | N/A | 8.8 HIGH |
| The Google Maps made Simple plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 0.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2023-41891 | 1 Flyte | 1 Flyteadmin | 2023-11-07 | N/A | 8.8 HIGH |
| FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL injection vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacker needs access to the FlyteAdmin installation, which is typically behind a VPN or authentication. Version 1.1.124 contains a patch for this issue. | |||||
| CVE-2023-4608 | 1 Lenovo | 104 Thinkagile Hx1331, Thinkagile Hx1331 Firmware, Thinkagile Hx2330 and 101 more | 2023-11-07 | N/A | 7.2 HIGH |
| An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected. | |||||
| CVE-2023-5429 | 1 Gopiplus | 1 Information Reel | 2023-11-07 | N/A | 6.5 MEDIUM |
| The Information Reel plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2023-5336 | 1 Ipanorama 360 Wordpress Virtual Tour Builder Project | 1 Ipanorama 360 Wordpress Virtual Tour Builder | 2023-11-07 | N/A | 6.5 MEDIUM |
| The iPanorama 360 – WordPress Virtual Tour Builder plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
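
The WordPress entries above (CVE-2023-5315, CVE-2023-5429 and CVE-2023-5336) all describe the same defect: a shortcode attribute is concatenated into a SQL string instead of being bound through `$wpdb->prepare()`, so whoever can get the shortcode rendered controls part of the query. The following is an added example, not code from any plugin listed on this page. It uses a hypothetical shortcode `[demo_reel]` and a hypothetical table `{$wpdb->prefix}demo_reel` to show the unsafe handler beside a hardened one that covers the three attribute kinds a handler typically sees: an integer id, a free-text category, and a sort column that cannot be bound as a placeholder and so must be allowlisted.

```php
<?php
// Added example for a hypothetical WordPress plugin; the shortcode name,
// table and column names are assumptions, not taken from any listed CVE.

// UNSAFE: attributes go straight into the SQL string. An attribute such as
// id="1 UNION SELECT user_login,user_pass,3 FROM wp_users" becomes part of
// the statement, which is exactly the "append additional SQL queries" case.
function demo_reel_shortcode_unsafe( $atts ) {
    global $wpdb;
    $atts  = shortcode_atts( array( 'id' => '', 'category' => '', 'orderby' => 'id' ), $atts, 'demo_reel' );
    $table = $wpdb->prefix . 'demo_reel';
    $sql   = "SELECT id, title, body FROM {$table}"
           . " WHERE id = " . $atts['id']
           . " AND category = '" . $atts['category'] . "'"
           . " ORDER BY " . $atts['orderby'];
    $row = $wpdb->get_row( $sql );
    return $row ? esc_html( $row->title ) : '';
}

// HARDENED: every user-controlled value is either bound with a placeholder
// (%d / %s) or, for identifiers that cannot be placeholders, replaced by a
// value from a fixed allowlist. The table name comes from the trusted prefix.
function demo_reel_shortcode_fixed( $atts ) {
    global $wpdb;
    $atts = shortcode_atts( array( 'id' => 0, 'category' => '', 'orderby' => 'id' ), $atts, 'demo_reel' );

    $id = absint( $atts['id'] );          // coerce to a non-negative integer
    if ( 0 === $id ) {
        return '';
    }
    $category = sanitize_text_field( $atts['category'] ); // still bound below; sanitising is not the fix

    // Identifiers (column names) cannot be bound; map user input to a known column.
    $allowed_orderby = array( 'id' => 'id', 'title' => 'title', 'created' => 'created_at' );
    $orderby = isset( $allowed_orderby[ $atts['orderby'] ] ) ? $allowed_orderby[ $atts['orderby'] ] : 'id';

    $table = $wpdb->prefix . 'demo_reel';
    $sql   = $wpdb->prepare(
        "SELECT id, title, body FROM {$table} WHERE id = %d AND category = %s ORDER BY {$orderby}",
        $id,
        $category
    );
    $row = $wpdb->get_row( $sql );
    return $row ? esc_html( $row->title ) : '';
}

add_shortcode( 'demo_reel', 'demo_reel_shortcode_fixed' );
```

Two caveats a reviewer should keep in mind. A `current_user_can()` check inside the handler does not close this hole: shortcodes execute when the page is rendered, so the check would test the visitor, not the contributor or subscriber who placed the attribute. And output escaping such as `esc_html()` only addresses the separate stored XSS case (compare CVE-2023-5252 above); it does nothing for the query itself, which is why the description rows pair "insufficient escaping" with "lack of sufficient preparation".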
