CVE-2018-5697 CVSS:0.0
Icy Phoenix 2.2.0.105 allows SQL injection via an unapprove request to admin_kb_art.php or the order parameter to admin_jr_admin.php, related to functions_kb.php. (Last Update:2018-01-13) (Publish Update:2018-01-13)
CVE-2018-5696 CVSS:0.0
The iJoomla com_adagency plugin 6.0.9 for Joomla! allows SQL injection via the `advertiser_status` and `status_select` parameters to index.php. (Last Update:2018-01-13) (Publish Update:2018-01-13)
CVE-2018-5695 CVSS:0.0
The WpJobBoard plugin 4.4.4 for WordPress allows SQL injection via the order or sort parameter to the wpjb-job or wpjb-alerts module, with a request to wp-admin/admin.php. (Last Update:2018-01-13) (Publish Update:2018-01-13)
CVE-2018-5374 CVSS:0.0
The Dbox 3D Slider Lite plugin through 1.2.2 for WordPress has SQL Injection via settings\sliders.php (current_slider_id parameter). (Last Update:2018-01-12) (Publish Update:2018-01-12)
CVE-2018-5373 CVSS:0.0
The Smooth Slider plugin through 2.8.6 for WordPress has SQL Injection via smooth-slider.php (trid parameter). (Last Update:2018-01-12) (Publish Update:2018-01-12)
CVE-2018-5372 CVSS:0.0
The Testimonial Slider plugin through 1.2.4 for WordPress has SQL Injection via settings\sliders.php (current_slider_id parameter). (Last Update:2018-01-12) (Publish Update:2018-01-12)
CVE-2018-5315 CVSS:0.0
The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Injection via the event_id parameter to event.php. (Last Update:2018-01-13) (Publish Update:2018-01-12)
CVE-2018-5211 CVSS:0.0
PHP Melody version 2.7.1 suffer from SQL Injection Time-based attack on the page ajax.php with the parameter playlist. (Last Update:2018-01-09) (Publish Update:2018-01-09)
CVE-2018-3811 CVSS:0.0
SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to execute SQL queries in the context of the web server. The saveGoogleAdWords() function in smartgooglecode.php did not use prepared statements and did not sanitize the $_POST["oId"] variable before passing it as input into the SQL query. (Last Update:2018-01-09) (Publish Update:2018-01-01)
CVE-2017-1002028 CVSS:7.5
Vulnerability in wordpress plugin wordpress-gallery-transformation v1.0, SQL injection is in ./wordpress-gallery-transformation/gallery.php via $jpic parameter being unsanitized before being passed into an SQL query. (Last Update:2017-09-20) (Publish Update:2017-09-14)
Click here for a complete list of security vulnerabilities. This vulnerability list widget is provided by www.cvedetails.com