• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-89

CVE-2021-25114

February 23, 2023 by

The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape the discount_code in one of its REST route (available to unauthenticated users) before using it in a SQL statement, leading to a SQL injection

CVE-2021-25045

February 23, 2023 by

The Asgaros Forum WordPress plugin before 1.15.15 does not validate or escape the forum_id parameter before using it in a SQL statement when editing a forum, leading to an SQL injection issue

CVE-2021-25054

February 23, 2023 by

The WPcalc WordPress plugin through 2.1 does not sanitize user input into the ‘did’ parameter and uses it in a SQL statement, leading to an authenticated SQL Injection vulnerability.

CVE-2021-25064

February 23, 2023 by

The Wow Countdowns WordPress plugin through 3.1.2 does not sanitize user input into the ‘did’ parameter and uses it in a SQL statement, leading to an authenticated SQL Injection.

CVE-2021-25068

February 23, 2023 by

The Sync WooCommerce Product feed to Google Shopping WordPress plugin through 1.2.4 uses the ‘feed_id’ POST parameter which is not properly sanitized for use in a SQL statement, leading to a SQL injection vulnerability in the admin dashboard

CVE-2021-25069

February 23, 2023 by

The Download Manager WordPress plugin before 3.2.34 does not sanitise and escape the package_ids parameter before using it in a SQL statement, leading to a SQL injection, which can also be exploited to cause a Reflected Cross-Site Scripting issue

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 638
  • Go to page 639
  • Go to page 640
  • Go to page 641
  • Go to page 642
  • Interim pages omitted …
  • Go to page 956
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE