CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37112 – WordPress WishList Member X plugin < 3.26.7 - Unauthenticated Arbitrary SQL Query Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-37112
The WishList Member X plugin for WordPress is vulnerable SQL Injection in versions up to, and including, 3.25.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. • https://patchstack.com/database/vulnerability/wishlist-member-x/wordpress-wishlist-member-x-plugin-3-25-1-unauthenticated-arbitrary-sql-query-execution-vulnerability? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3605 – WP Hotel Booking <= 2.1.0 - Unauthenticated SQL Injection
https://notcve.org/view.php?id=CVE-2024-3605
The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'room_type' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in all versions up to, and including, 2.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. ... El complemento WP Hotel Booking para WordPress es vulnerable a la inyección SQL a través del parámetro 'room_type' del endpoint de la API REST /wphb/v1/rooms/search-rooms en todas las versiones hasta la 2.1.0 incluida debido a un escape insuficiente en el parámetro proporcionado por el usuario y la falta de preparación suficiente en la consulta SQL existente. • https://wordpress.org/plugins/wp-hotel-booking https://www.wordfence.com/threat-intel/vulnerabilities/id/5931ad4e-7de3-41ac-b783-f7e58aaef569? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-3922 – Dokan Pro <= 3.10.3 - Unauthenticated SQL Injection
https://notcve.org/view.php?id=CVE-2024-3922
The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. ... El complemento Dokan Pro para WordPress es vulnerable a la inyección SQL a través del parámetro 'código' en todas las versiones hasta la 3.10.3 incluida debido a un escape insuficiente en el parámetro proporcionado por el usuario y a la falta de preparación suficiente en la consulta SQL existente. • https://github.com/truonghuuphuc/CVE-2024-3922-Poc https://dokan.co/docs/wordpress/changelog https://www.wordfence.com/threat-intel/vulnerabilities/id/d9de41de-f2f7-4b16-8ec9-d30bbd3d8786? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35746 – WordPress BuddyPress Cover plugin <= 2.1.4.2 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-35746
The BuddyPress Cover plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.1.4.2. • https://patchstack.com/database/vulnerability/bp-cover/wordpress-buddypress-cover-plugin-2-1-4-2-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3820 – wpDataTables - Tables & Table Charts (Premium) <= 6.3.1 - Unauthenticated SQL Injection
https://notcve.org/view.php?id=CVE-2024-3820
The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to SQL Injection via the 'id_key' parameter of the wdt_delete_table_row AJAX action in all versions up to, and including, 6.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. ... El complemento wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin para WordPress es vulnerable a la inyección SQL a través del parámetro 'id_key' de la acción AJAX wdt_delete_table_row en todas las versiones hasta la 6.3.1 incluida debido a un escape insuficiente en el parámetro proporcionado por el usuario y falta de preparación suficiente en la consulta SQL existente. • https://wpdatatables.com/help/whats-new-changelog https://www.wordfence.com/threat-intel/vulnerabilities/id/fbba822b-172f-4167-bccf-4697a298178e?source=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •