| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5) contains an SQL injection in "/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events". This attack appears to be exploitable if the attacker can reach the web server. |
| The freshmail-newsletter plugin before 1.6 for WordPress has shortcode.php SQL Injection via the 'FM_form id=' substring. |
| The broken-link-manager plugin before 0.5.0 for WordPress has wpslDelURL or wpslEditURL SQL injection via the url parameter. |
| The wti-like-post plugin before 1.4.3 for WordPress has WtiLikePostProcessVote SQL injection via the HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED, HTTP_FORWARDED_FOR, or HTTP_FORWARDED variable. |
| The yet-another-stars-rating plugin before 0.9.1 for WordPress has yasr_get_multi_set_values_and_field SQL injection via the set_id parameter. |
| The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_category_page SQL injection via the cat_id parameter. |
| The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_portfolio_item_page SQL injection via the item_id parameter. |
| The booking-system plugin before 2.1 for WordPress has DOPBSPBackEndTranslation::display SQL injection via the language parameter. |
| The searchterms-tagging-2 plugin through 1.535 for WordPress has SQL injection via the pk_stt2_db_get_popular_terms count parameter exploitable via CSRF. |
| The smooth-slider plugin before 2.7 for WordPress has SQL Injection via the wp-admin/admin.php?page=smooth-slider-admin current_slider_id parameter. |
| The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_mailchimp pmfb_tid parameter. |
| The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_cc pmfb_tid parameter. |
| The microblog-poster plugin before 1.6.2 for WordPress has SQL Injection via the wp-admin/options-general.php?page=microblogposter.php account_id parameter. |
| The sendpress plugin before 1.2 for WordPress has SQL Injection via the wp-admin/admin.php?page=sp-queue listid parameter. |
| The unite-gallery-lite plugin before 1.5 for WordPress has SQL injection via data[galleryID] to wp-admin/admin-ajax.php. |
| The wordpress-meta-robots plugin through 2.1 for WordPress has wp-admin/post-new.php text SQL injection. |
| The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/graph_trend.php type SQL injection. |
| The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php gcid SQL injection. |
| The users-ultra plugin before 1.5.64 for WordPress has SQL Injection via an ajax action. |
| The gigpress plugin before 2.3.11 for WordPress has SQL injection in the admin area, a different vulnerability than CVE-2015-4066. |
