• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-89

CVE-2021-24772

February 23, 2023 by

The Stream WordPress plugin before 3.8.2 does not sanitise and validate the order GET parameter from the Stream Records admin dashboard before using it in a SQL statement, leading to an SQL injection issue.

CVE-2021-24774

February 23, 2023 by

The Check & Log Email WordPress plugin before 1.0.3 does not validate and escape the “order” and “orderby” GET parameters before using them in a SQL statement when viewing logs, leading to SQL injections issues

CVE-2021-24777

February 23, 2023 by

The view submission functionality in the Hotscot Contact Form WordPress plugin before 1.3 makes a get request with the sub_id parameter which not sanitised, escaped or validated before inserting to a SQL statement, leading to an SQL injection.

CVE-2021-24778

February 23, 2023 by

The test parameter of the xmlfeed in the Tradetracker-Store WordPress plugin before 4.6.60 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.

CVE-2021-24786

February 23, 2023 by

The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the “orderby” GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue

CVE-2021-24726

February 23, 2023 by

The WP Simple Booking Calendar WordPress plugin before 2.0.6 did not escape, validate or sanitise the orderby parameter in its Search Calendars action, before using it in a SQL statement, leading to an authenticated SQL injection issue

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 646
  • Go to page 647
  • Go to page 648
  • Go to page 649
  • Go to page 650
  • Interim pages omitted …
  • Go to page 956
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE