A straightforward SQL injection in ARMember — a popular WordPress membership tool — could let attackers dump your user data. CVE-2022-46808 isn't new, but its persistence screams negligence.
WordPress devs loved Slimstat as a privacy-friendly analytics champ. Then CVE-2022-45373 hit, turning it into an attacker's playground with SQL injection.
A straightforward SQL injection in Spiffy Calendar plugin opens doors for database dumps and site takeovers. Thousands of WordPress installs could be vulnerable—time to check yours.
A sneaky SQL injection in the Email Posts to Subscribers plugin could hand attackers your full subscriber database. CVE-2022-46818 isn't new, but unpatched sites are sitting ducks.
Everyone figured WordPress booking plugins were battle-tested by now. Wrong. CVE-2022-47428 slips in an SQL injection that could dump your entire database.
Picture this: your site's in 'coming soon' mode, looking all sleek and professional, while hackers siphon your database dry. That's CVE-2022-46849 in action, folks—a classic SQL injection slip-up in a WordPress plugin nobody thinks twice about.
A single malicious input into an accessibility widget — and poof, your site's database spills open. CVE-2022-47420 strikes at the heart of Online ADA's plugin, a tool millions use for compliance.