Total: 16028 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2022-0434 | A3rev | Page View Count | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The Page View Count WordPress plugin before 2.4.15 does not sanitise and escape the post_ids parameter before using it in a SQL statement via a REST endpoint, available to both unauthenticated and authenticated users. As a result, unauthenticated attackers could perform SQL injection attacks.
CVE-2022-0420 | Metagauss | Registrationmagic | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH | The RegistrationMagic WordPress plugin before 5.0.2.2 does not sanitise and escape the rm_form_id parameter before using it in a SQL statement in the Automation admin dashboard, allowing high privilege users to perform SQL injection attacks.
CVE-2022-0412 | Templateinvaders | Ti Woocommerce Wishlist | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The TI WooCommerce Wishlist WordPress plugin before 1.40.1 and TI WooCommerce Wishlist Pro WordPress plugin before 1.40.1 do not sanitise and escape the item_id parameter before using it in a SQL statement via the wishlist/remove_product REST endpoint, allowing unauthenticated attackers to perform SQL injection attacks.
CVE-2022-0411 | Asgaros | Asgaros Forum | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and escape the post_id parameter before using it in a SQL statement via a REST route of the plugin (accessible to any authenticated user), leading to a SQL injection.
CVE-2022-0410 | Wp Visitor Statistics Project | Wp Visitor Statistics | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.6 does not sanitise and escape the id parameter before using it in a SQL statement via the refUrlDetails AJAX action, available to any authenticated user, leading to a SQL injection.
CVE-2022-0386 | Sophos | Unified Threat Management | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710.
CVE-2022-0383 | Ljapps | Wp Review Slider | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH | The WP Review Slider WordPress plugin before 11.0 does not sanitise and escape the pid parameter when copying a Twitter source, which could allow high privilege users to perform SQL injection attacks.
CVE-2022-0366 | Capsule8 | Capsule8 | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | An authenticated and authorized agent user could potentially gain administrative access via an SQLi vulnerability to Capsule8 Console between versions 4.6.0 and 4.9.1.
CVE-2022-0362 | Showdoc | Showdoc | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection in Packagist showdoc/showdoc prior to 2.10.3.
CVE-2022-0349 | Wpdeveloper | Notificationx | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nx_id parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection.
CVE-2022-0332 | Moodle | Moodle | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data.
CVE-2022-0267 | Adrotate Project | Adrotate | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH | The AdRotate WordPress plugin before 5.8.22 does not sanitise and escape the adrotate_action parameter before using it in a SQL statement via the adrotate_request_action function available to admins, leading to a SQL injection.
CVE-2022-0258 | Pimcore | Pimcore | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command.
CVE-2022-0255 | Deliciousbrains | Database Backup | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH | The Database Backup for WordPress plugin before 2.5.1 does not properly sanitise and escape the fragment parameter before using it in a SQL statement in the admin dashboard, leading to a SQL injection issue.
CVE-2022-0254 | Highfivery | Zero-spam | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The WordPress Zero Spam WordPress plugin before 5.2.11 does not properly sanitise and escape the order and orderby parameters before using them in a SQL statement in the admin dashboard, leading to a SQL injection.
CVE-2022-0228 | Sygnoos | Popup Builder | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH | The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby and order parameters before using them in a SQL statement in the admin dashboard, which could allow high privilege users to perform SQL injection.
CVE-2022-0224 | Dolibarr | Dolibarr | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command.
CVE-2022-0190 | Acnam | Ad Invalid Click Protector | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.6 is affected by a SQL Injection in the id parameter of the delete action.
CVE-2022-0169 | 10web | Photo Gallery | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL injection.
CVE-2022-0153 | Fork-cms | Fork Cms | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH | SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1.