Vulnerabilities and security researches forknr-author-list-widget knr-author-list-widget

Jun 16, 2026

CVE, Research URL: b36562836dd76568d374ac032aa3b6cad3c82287
Home page URL: Security reports for Axact Author List Widget
Application: Axact Author List Widget
Date: Aug 01, 2014
Research Description: Axact Author List Widget [knr-author-list-widget] < 3.0.0 (closed) Axact Author List Widget < 3.0.0 - SQL Injection The Axact Author List Widget plugin for WordPress is vulnerable to generic SQL Injection via the ‘listItem’ parameter in versions up to, and including, 2.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions: max 3.0.0.
Status: vulnerable

CVE, Research URL: f2497798-90dd-4f93-b6ff-31e02f8ca6fc
Home page URL: Security reports for Axact Author List Widget
Application: Axact Author List Widget
Date: -
Research Description: Axact Author List Widget [knr-author-list-widget] < 3.0.0 (closed) KNR Author List Widget < 3.0.0 - Unauthenticated SQL Injection The plugin does not sanitise and escape the listitem parameter before using it in a SQL statement in the knrAuthorListCustomSortSave.php file, leading to an unauthenticated SQL Injection
Affected versions: max 3.0.0.
Status: vulnerable

Jan 15, 2025

CVE, Research URL: CVE-2025-22514
Home page URL: Security reports for Axact Author List Widget
Application: Axact Author List Widget
Date: Jan 13, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yamna Khawaja KNR Author List Widget knr-author-list-widget allows Reflected XSS.This issue affects KNR Author List Widget: from n/a through <= 3.1.1.
Affected versions: max 3.1.1.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: 64c0451c94de7e0131133a488609353b793f2348
Home page URL: Security reports for Axact Author List Widget
Application: Axact Author List Widget
Date: Sep 06, 2011
Research Description: Axact Author List Widget [knr-author-list-widget] < 2.0.1 (closed) WordPress KNR Author List Widget Plugin <= 2.0.0 - SQL Injection KNR Author List Widget plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, alter queries to the application SQL database, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Upgrade the plugin.
Affected versions: max 2.0.1.
Status: vulnerable