CVE on Phat Mai Blog

CVE-2026-1581 WordPress wpForo Forum Plugin is vulnerable to a high priority SQL Injection

Wed, 31 Dec 2025 00:00:00 +0700

CVE-2026-1581 WordPress wpForo Forum Plugin is vulnerable to a high priority SQL Injection

Overview

Published: 2026-02-19 CVE-ID: CVE-2026-1581 CVSS: 7.5 Affected Plugin: WordPress wpForo Forum Plugin Affected Versions: <= 2.4.14 Vulnerability Type: High priority SQL Injection CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command.

Description

The wpForo Forum plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpfob’ parameter in all versions up to, and including, 2.4.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVE-2026-0702 WordPress VidShop Plugin <= 1.1.4 is vulnerable to a high priority SQL Injection

Tue, 30 Dec 2025 00:00:00 +0700

CVE-2026-0702 WordPress VidShop Plugin <= 1.1.4 is vulnerable to a high priority SQL Injection

VidShop Plugin Vulnerable to SQL Injection

Overview

Published: 2026-01-28
CVE-ID: CVE-2026-0702
CVSS: 7.5 High
Affected Plugin: VidShop Plugin
Affected Versions: <= 1.1.4
Vulnerability Type: High priority SQL Injection
CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command

Description

The VidShop – Shoppable Videos for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the ‘fields’ parameter in all versions up to, and including, 1.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVE-2026-23550 WordPress Modular DS Plugin <= 2.5.1 is vulnerable to a high priority Privilege Escalation

Mon, 29 Dec 2025 00:00:00 +0700

CVE-2026-23550 WordPress Modular DS Plugin <= 2.5.1 is vulnerable to a high priority Privilege Escalation

WordPress Modular DS Plugin Privilege Escalation Vulnerability

Overview

Published: 2026-01-14
CVE-ID: CVE-2026-23550
CVSS: 10.0 Critical (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Affected Plugin: WordPress Modular DS Plugin
Affected Versions: <= 2.5.1
Vulnerability Type: High priority Privilege Escalation
CWE: CWE-266 Incorrect Privilege Assignment

Description

Incorrect Privilege Assignment vulnerability in Modular DS allows Privilege Escalation.This issue affects Modular DS: from n/a through 2.5.1.

CVE-2026-3459 WordPress Drag and Drop Multiple File Upload – Contact Form 7 Plugin <= 1.3.9.5 is vulnerable to a high priority Arbitrary File Upload

Sun, 28 Dec 2025 00:00:00 +0700

CVE-2026-3459 WordPress Drag and Drop Multiple File Upload – Contact Form 7 Plugin <= 1.3.9.5 is vulnerable to a high priority Arbitrary File Upload

Overview

Published: 2026-03-05 CVE-ID: CVE-2026-3459 CVSS: 8.1 High Affected Plugin: Drag and Drop Multiple File Upload – Contact Form 7 Plugin Affected Versions: <= 1.3.9.5 Vulnerability Type: Arbitrary File Upload CWE: CWE-434 Unrestricted Upload of File with Dangerous Type

Description

The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'dnd_upload_cf7_upload' function in versions up to, and including, 1.3.7.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible. This can be exploited if the form includes a multiple file upload field with ‘*’ as the accepted file type.

CVE-2026-2511 WordPress JS Help Desk Plugin <= 3.0.4 is vulnerable to a high priority SQL Injection

Sat, 27 Dec 2025 00:00:00 +0700

CVE-2026-2511 JS Help Desk – AI-Powered Support & Ticketing System <= 3.0.4 - Unauthenticated SQL Injection via ‘multiformid’ Parameter

Overview

Published: 2026-03-26 CVE-ID: CVE-2026-2511 CVSS: 7.5 High Affected Plugin: JS Help Desk – AI-Powered Support & Ticketing System Affected Versions: <= 3.0.4 Vulnerability Type: Unauthenticate SQL Injection CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command

Description

The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the multiformid parameter in the storeTickets() function in all versions up to, and including, 3.0.4. This is due to the user-supplied multiformid value being passed to esc_sql() without enclosing the result in quotes in the SQL query, rendering the escaping ineffective against payloads that do not contain quote characters. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVE-2026-2232 Product Table and List Builder for WooCommerce Lite Vulnerable To Unauthenticated Time-Based SQL Injection

Fri, 26 Dec 2025 00:00:00 +0700

CVE-2026-2232 Product Table and List Builder for WooCommerce Lite Vulnerable To Unauthenticated Time-Based SQL Injection via ‘search’ Parameter

Overview

Published: 2026-02-19 CVE-ID: CVE-2026-2232 CVSS: 7.5 High Affected Plugin: Product Table and List Builder for WooCommerce Lite Affected Versions: <= 4.6.2 Vulnerability Type: Unauthenticate Time-Based SQL Injection CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command

Description

The Product Table and List Builder for WooCommerce Lite plugin for WordPress is vulnerable to time-based SQL Injection via the ‘search’ parameter in all versions up to, and including, 4.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

WordPress HT Contact Form 7 Plugin <= 2.2.1 is vulnerable to a high priority Arbitrary File Upload

Thu, 25 Dec 2025 00:00:00 +0700

WordPress HT Contact Form 7 Plugin <= 2.2.1 is vulnerable to a high priority Arbitrary File Upload

Overview

Published: 2025-07-15 CVE-ID: CVE-2025-7340 CVSS: 10 Critical Affected Plugin: WordPress HT Contact Form 7 Plugin Affected Versions: <= 2.2.1 Vulnerability Type: High priority Arbitrary File Upload CWE: CWE-434 Unrestricted Upload of File with Dangerous Type

Description

The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the temp_file_upload function in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible.

CVE-2025-13329 File Uploader for WooCommerce

Wed, 24 Dec 2025 00:00:00 +0700

CVE-2025-13329 File Uploader for WooCommerce <= 1.0.3 - Unauthenticated Arbitrary File Upload via add-image-data

File Uploader for WooCommerce Plugin

Overview

Published: 2025-12-20
CVE-ID: CVE-2025-13329
Affected Plugin: File Uploader for WooCommerce
Affected Versions: <= 1.0.3
Vulnerability Type: Unauthenticated Arbitrary File Upload via add-image-data
CWE-434: CWE-434 Unrestricted Upload of File with Dangerous Type

Description

The File Uploader for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the callback function for the ‘add-image-data’ REST API endpoint in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to upload arbitrary files to the Uploadcare service and subsequently download them on the affected site’s server which may make remote code execution possible.

CVE-2025-68519 WordPress Brands for WooCommerce Plugin

Tue, 23 Dec 2025 00:00:00 +0700

CVE-2025-68519 WordPress Brands for WooCommerce Plugin <= 3.8.6.3 is vulnerable to SQL Injection

WordPress Brands for WooCommerce Plugin

Overview

Published: 2025-12-24
CVE ID: CVE-2025-68519
Affected Plugin: WordPress Brands for WooCommerce
Affected Versions: <= 3.8.6.3
Vulnerability Type: SQL Injection vulnerability

Description

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in BeRocket Brands for WooCommerce brands-for-woocommerce allows Blind SQL Injection.This issue affects Brands for WooCommerce: from n/a through <= 3.8.6.3.

CVE-2025-14770 – Unauthenticated SQL Injection via “city” Parameter

Mon, 22 Dec 2025 00:00:00 +0700

WordPress Shipping Rate By Cities Plugin

Overview

CVE ID: CVE-2025-14770
Affected Plugin: Shipping Rate By Cities
Affected Versions: ≤ 2.0.0
Vulnerability Type: Unauthenticated SQL Injection
Attack Vector: Network
Authentication Required: No

Description

The Shipping Rate By Cities WordPress plugin contains an unauthenticated SQL Injection vulnerability in versions up to 2.0.0. The issue originates from unsafe handling of the city parameter, which is concatenated directly into an SQL query without proper preparation.