• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-89

CVE-2021-24651

February 23, 2023 by

The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated users to perform SQL injection via the ays_finish_poll AJAX action. While the result is not disclosed in the response, it is possible to use a timing attack to exfiltrate data such as password hash.

CVE-2021-24662

February 23, 2023 by

The Game Server Status WordPress plugin through 1.0 does not validate or escape the server_id parameter before using it in SQL statement, leading to an Authenticated SQL Injection in an admin page

CVE-2021-24666

February 23, 2023 by

The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a ‘Social & Donations’ module (not activated by default), which adds the rest route ‘/services/contributor/(?P[d]+), takes an ‘id’ and ‘category’ parameters as arguments. Both parameters can be used for the SQLi.

CVE-2021-24669

February 23, 2023 by

The MAZ Loader – Preloader Builder for WordPress plugin before 1.3.3 does not validate or escape the loader_id parameter of the mzldr shortcode, which allows users with a role as low as Contributor to perform SQL injection.

CVE-2021-24606

February 23, 2023 by

The Availability Calendar WordPress plugin before 1.2.1 does not escape the category attribute from its shortcode before using it in a SQL statement, leading to a SQL Injection issue, which can be exploited by any user able to add shortcode to posts/pages, such as contributor+

CVE-2021-24625

February 23, 2023 by

The SpiderCatalog WordPress plugin through 1.7.3 does not sanitise or escape the ‘parent’ and ‘ordering’ parameters from the admin dashboard before using them in a SQL statement, leading to a SQL injection when adding a category

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 649
  • Go to page 650
  • Go to page 651
  • Go to page 652
  • Go to page 653
  • Interim pages omitted …
  • Go to page 956
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE