|
256991
|
9.8 |
CRITICAL
Network
|
rayanehdownload
|
rk-responsive-contact-form
|
Vulnerability in wordpress plugin rk-responsive-contact-form v1.0, The variable $delid isn't sanitized before being passed into an SQL query in file ./rk-responsive-contact-form/include/rk_user_list.…
|
CWE-89
SQL Injection
|
CVE-2017-1002027
|
2024-11-21 12:04 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256992
|
8.8 |
HIGH
Network
|
eventespresso
|
event_espresso
|
Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function edit_event_category does not sanitize user-supplied input via the $id parameter before passing it into an SQL statemen…
|
CWE-89
SQL Injection
|
CVE-2017-1002026
|
2024-11-21 12:04 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256993
|
7.2 |
HIGH
Network
|
add-edit-delete-listing-for-member-module_project
|
add-edit-delete-listing-for-member-module
|
Vulnerability in wordpress plugin add-edit-delete-listing-for-member-module v1.0, The plugin author does not sanitize user supplied input via $act before passing it into an SQL statement.
|
CWE-89
SQL Injection
|
CVE-2017-1002025
|
2024-11-21 12:04 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256994
|
4.3 |
MEDIUM
Network
|
kindsoft
|
kind_editor
kindeditor
|
Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allow users to upload files.
|
CWE-287
Improper Authentication
|
CVE-2017-1002024
|
2024-11-21 12:04 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256995
|
9.8 |
CRITICAL
Network
|
daisythemes
|
easy_team_manager
|
Vulnerability in wordpress plugin Easy Team Manager v1.3.2, The code does not sanitize id before making it part of an SQL statement in file ./easy-team-manager/inc/easy_team_manager_desc_edit.php
|
CWE-89
SQL Injection
|
CVE-2017-1002023
|
2024-11-21 12:04 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256996
|
9.8 |
CRITICAL
Network
|
surveys_project
|
surveys
|
Vulnerability in wordpress plugin surveys v1.01.8, The code in questions.php does not sanitize the survey variable before placing it inside of an SQL query.
|
CWE-89
SQL Injection
|
CVE-2017-1002022
|
2024-11-21 12:04 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256997
|
9.8 |
CRITICAL
Network
|
surveys_project
|
surveys
|
Vulnerability in wordpress plugin surveys v1.01.8, The code in individual_responses.php does not sanitize the survey_id variable before placing it inside of an SQL query.
|
CWE-89
SQL Injection
|
CVE-2017-1002021
|
2024-11-21 12:04 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256998
|
9.8 |
CRITICAL
Network
|
surveys_project
|
surveys
|
Vulnerability in wordpress plugin surveys v1.01.8, The code in survey_form.php does not sanitize the action variable before placing it inside of an SQL query.
|
CWE-89
SQL Injection
|
CVE-2017-1002020
|
2024-11-21 12:04 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256999
|
9.8 |
CRITICAL
Network
|
eventr_project
|
eventr
|
Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and event_form.php code do not sanitize input, this allows for blind SQL injection via the event parameter.
|
CWE-89
SQL Injection
|
CVE-2017-1002019
|
2024-11-21 12:04 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257000
|
9.8 |
CRITICAL
Network
|
eventr_project
|
eventr
|
Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and attendees.php code do not sanitize input, this allows for blind SQL injection via the event parameter.
|
CWE-89
SQL Injection
|
CVE-2017-1002018
|
2024-11-21 12:04 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
