cleantalk
Vulnerabilities and Security Researches

Axact Author List Widget, b36562836dd76568d374ac032aa3b6cad3c82287

CVE, Research URL

b36562836dd76568d374ac032aa3b6cad3c82287

Home page URL

Security reports for Axact Author List Widget

Application

Axact Author List Widget

Published on
Aug 01, 2014
Research Description
Axact Author List Widget [knr-author-list-widget] < 3.0.0 (closed) Axact Author List Widget < 3.0.0 - SQL Injection The Axact Author List Widget plugin for WordPress is vulnerable to generic SQL Injection via the ‘listItem’ parameter in versions up to, and including, 2.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions
max 3.0.0.
Status
vulnerable
Previous vulnerability researches
My auctions allegro (CVE-2025-27009) , Apr 16, 2025
My auctions allegro (CVE-2024-11707) , Dec 06, 2024
My auctions allegro (CVE-2025-68567) , Jan 10, 2026
My auctions allegro (CVE-2025-68566) , Jan 10, 2026
My auctions allegro (CVE-2025-12851) , Dec 10, 2025
New vulnerability
Connections Business Directory (d8069730be5a6f8a8f485d6e58e29a53506a268b) , Jun 16, 2026
Connections Business Directory (9748b513-3940-4c81-8995-15cb70d95d43) , Jun 16, 2026
Connections Business Directory (65eca907891dbfcf2681a4520081683ffbef5d93) , Jun 16, 2026
Print My Blog &#8211; Print, PDF, &amp; eBook Converter WordPress Plugin (8f1161f2f4cbfede1813502c1a1e298519419671) , Jun 16, 2026
Print My Blog &#8211; Print, PDF, &amp; eBook Converter WordPress Plugin (d05dd9429255aad4710646a4e2171b648c1a5ba2) , Jun 16, 2026