"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 920 | Critical: 920 | High: 0 | Medium: 0

Showing 801-820 of 920 records

Threat Entry Updated 2024-11-21

CVE-2022-1386 - Fusion Builder Plugin

The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact with hosts on the server's local network bypassing firewalls and access control measures.

PLUGIN Fusion Builder

CVE-2022-1386

CRITICAL CVSS 9.8 2022-05-16

Threat Entry Updated 2024-11-21

CVE-2022-0867 - Pricing Table Plugin

The Pricing Table WordPress plugin before 3.6.1 fails to properly sanitize and escape user-supplied POST data before it is interpolated in an SQL statement and then executed via an AJAX action available to unauthenticated users.

PLUGIN Pricing Table

CVE-2022-0867

CRITICAL CVSS 9.8 2022-05-16

Threat Entry Updated 2025-05-05

CVE-2022-1505 - Rsvpmaker Plugin

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.6.

PLUGIN Rsvpmaker

CVE-2022-1505

CRITICAL CVSS 9.8 2022-05-10

Threat Entry Updated 2025-05-05

CVE-2022-1453 - Rsvpmaker Plugin

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-util.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.5.

PLUGIN Rsvpmaker

CVE-2022-1453

CRITICAL CVSS 9.8 2022-05-10

Threat Entry Updated 2024-11-21

CVE-2022-1013 - Personal Dictionary Plugin

The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerability.

PLUGIN Personal Dictionary

CVE-2022-1013

CRITICAL CVSS 9.8 2022-05-09

Threat Entry Updated 2024-11-21

CVE-2022-0948 - Before 3 Plugin

The Order Listener for WooCommerce WordPress plugin before 3.2.2 does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users, leading to an SQL injection.

PLUGIN Before 3

CVE-2022-0948

CRITICAL CVSS 9.8 2022-05-09

Threat Entry Updated 2024-11-21

CVE-2022-0836 - Before 4 Plugin

The SEMA API WordPress plugin before 4.02 does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by unauthenticated users.

PLUGIN Before 4

CVE-2022-0836

CRITICAL CVSS 9.8 2022-05-09

Threat Entry Updated 2024-11-21

CVE-2022-0826 - Wp Video Gallery Free Plugin

The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users.

PLUGIN Wp Video Gallery Free

CVE-2022-0826

CRITICAL CVSS 9.8 2022-05-09

Threat Entry Updated 2024-11-21

CVE-2022-0817 - Badgeos Plugin

The BadgeOS WordPress plugin through 3.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users.

PLUGIN Badgeos

CVE-2022-0817

CRITICAL CVSS 9.8 2022-05-09

Threat Entry Updated 2024-11-21

CVE-2022-0814 - Para Woocommerce Plugin

The Ubigeo de Perú para Woocommerce WordPress plugin before 3.6.4 does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections.

PLUGIN Para Woocommerce

CVE-2022-0814

CRITICAL CVSS 9.8 2022-05-09

Threat Entry Updated 2024-11-21

CVE-2022-0592 - Before 6 Plugin

The MapSVG WordPress plugin before 6.2.20 does not validate and escape a parameter via a REST endpoint before using it in a SQL statement, leading to a SQL Injection exploitable by unauthenticated users.

PLUGIN Before 6

CVE-2022-0592

CRITICAL CVSS 9.8 2022-05-09

Threat Entry Updated 2024-11-21

CVE-2022-1281 - Photo Gallery Plugin

The Photo Gallery WordPress plugin through 1.6.3 does not properly escape the $_POST['filter_tag'] parameter, which is appended to an SQL query, making SQL Injection attacks possible.

PLUGIN Photo Gallery

CVE-2022-1281

CRITICAL CVSS 9.8 2022-05-02

Threat Entry Updated 2024-11-21

CVE-2022-0783 - Multiple Shipping Address Woocommerce Plugin

The Multiple Shipping Address Woocommerce WordPress plugin before 2.0 does not properly sanitise and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injections.

PLUGIN Multiple Shipping Address Woocommerce

CVE-2022-0783

CRITICAL CVSS 9.8 2022-05-02

Threat Entry Updated 2024-11-21

CVE-2022-0773 - Documentor Plugin

The Documentor WordPress plugin through 1.5.3 fails to sanitize and escape user input before it is being interpolated in an SQL statement and then executed, leading to an SQL Injection exploitable by unauthenticated users.

PLUGIN Documentor

CVE-2022-0773

CRITICAL CVSS 9.8 2022-05-02

Threat Entry Updated 2024-11-21

CVE-2022-0771 - Before 5 Plugin

The SiteSuperCharger WordPress plugin before 5.2.0 does not validate, sanitise and escape various user inputs before using them in SQL statements via AJAX actions (available to both unauthenticated and authenticated users), leading to Unauthenticated SQL Injections.

PLUGIN Before 5

CVE-2022-0771

CRITICAL CVSS 9.8 2022-05-02

Threat Entry Updated 2024-11-21

CVE-2022-1391 - Cab Fare Calculator Plugin

The Cab fare calculator WordPress plugin before 1.0.4 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues.

PLUGIN Cab Fare Calculator

CVE-2022-1391

CRITICAL CVSS 9.8 2022-04-25

Threat Entry Updated 2024-11-21

CVE-2022-1390 - Admin Word Count Column Plugin

The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary files on servers running an old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique.

PLUGIN Admin Word Count Column

CVE-2022-1390

CRITICAL CVSS 9.8 2022-04-25

Threat Entry Updated 2024-11-21

CVE-2022-0782 - Donations Plugin

The Donations WordPress plugin through 1.8 does not sanitise and escape the nd_donations_id parameter before using it in a SQL statement via the nd_donations_single_cause_form_validate_fields_php_function AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection.

PLUGIN Donations

CVE-2022-0782

CRITICAL CVSS 9.8 2022-04-25

Threat Entry Updated 2024-11-21

CVE-2022-0769 - Users Ultra Plugin

The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the data_target parameter before it is being interpolated in an SQL statement and then executed via the rating_vote AJAX action (available to both unauthenticated and authenticated users), leading to an SQL Injection.

PLUGIN Users Ultra

CVE-2022-0769

CRITICAL CVSS 9.8 2022-04-25

Threat Entry Updated 2024-11-21

CVE-2022-0693 - Master Elements Plugin

The Master Elements WordPress plugin through 8.0 does not validate and escape the meta_ids parameter of its remove_post_meta_condition AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL Injection.

PLUGIN Master Elements

CVE-2022-0693

CRITICAL CVSS 9.8 2022-04-25