Total: 15789 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-11018 | 1 Huge-it | 1 Image Gallery | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the Huge-IT gallery-images plugin before 1.9.0 for WordPress. The headers Client-Ip and X-Forwarded-For are prone to unauthenticated SQL injection. The affected file is gallery-images.php. The affected function is huge_it_image_gallery_ajax_callback(). | |||||
CVE-2016-11000 | 1 Smackcoders | 1 Ultimate Exporter | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The wp-ultimate-exporter plugin through 1.1 for WordPress has SQL injection via the export_type_name parameter. | |||||
CVE-2016-10951 | 1 Firestormplugins | 1 Fs-shopping-cart | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter. | |||||
CVE-2016-10950 | 1 Sirv | 1 Sirv | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
The sirv plugin before 1.3.2 for WordPress has SQL injection via the id parameter. | |||||
CVE-2016-10949 | 1 Relevanssi | 1 Relevanssi | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant unsafe unserialization. | |||||
CVE-2016-10947 | 1 Post Indexer Project | 1 Post Indexer | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection via the period parameter by a super admin. | |||||
CVE-2016-10943 | 1 Zx-csv-upload Project | 1 Zx-csv-upload | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
The zx-csv-upload plugin 1 for WordPress has SQL injection via the id parameter. | |||||
CVE-2016-10942 | 1 Podlove | 1 Podlove Podcast Publisher | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the insert_id parameter exploitable via CSRF. | |||||
CVE-2016-10940 | 1 Zm-gallery Project | 1 Zm-gallery | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
The zm-gallery plugin 1.0 for WordPress has SQL injection via the order parameter. | |||||
CVE-2016-10939 | 1 Xtremelocator | 1 Xtremelocator | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
The xtremelocator plugin 1.5 for WordPress has SQL injection via the id parameter. | |||||
CVE-2016-10921 | 1 Ays-pro | 1 Photo Gallery | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The gallery-photo-gallery plugin before 1.0.1 for WordPress has SQL injection. | |||||
CVE-2016-10917 | 1 Search Everything Project | 1 Search Everything | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The search-everything plugin before 8.1.6 for WordPress has SQL injection related to empty search strings, a different vulnerability than CVE-2014-2316. | |||||
CVE-2016-10916 | 1 Codepeople | 1 Appointment Booking Calendar | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319. | |||||
CVE-2016-10909 | 1 Codepeople | 1 Booking Calendar Contact Form | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The booking-calendar-contact-form plugin before 1.0.24 for WordPress has SQL injection. | |||||
CVE-2016-10904 | 1 Olimometer Project | 1 Olimometer | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The olimometer plugin before 2.57 for WordPress has SQL injection. | |||||
CVE-2016-10889 | 1 Imagely | 1 Nextgen Gallery | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injection via a gallery name. | |||||
CVE-2016-10888 | 1 Tipsandtricks-hq | 1 All In One Wp Security & Firewall | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPress has multiple SQL injection issues. | |||||
CVE-2016-10887 | 1 Tipsandtricks-hq | 1 All In One Wp Security & Firewall | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The all-in-one-wp-security-and-firewall plugin before 4.0.9 for WordPress has multiple SQL injection issues. | |||||
CVE-2016-10839 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
cPanel before 11.54.0.4 allows SQL injection in bin/horde_update_usernames (SEC-71). | |||||
CVE-2016-10817 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file (SEC-123). |