cleantalk
Vulnerabilities and Security Researches

Paid Downloads, 7b8687f1f31900513fbd409159e7db1eb5299096

CVE, Research URL

7b8687f1f31900513fbd409159e7db1eb5299096

Home page URL

Security reports for Paid Downloads

Application

Paid Downloads

Published on
Sep 14, 2011
Research Description
Paid Downloads [paid-downloads] < 1.8.9 WordPress Auctions Plugin 1.8.8 - SQL Injection This WordPress Auctions plugin's "wpa_id" parameter is prone to an SQL injection. This vulnerability allows an attacker to modify data, alter queries to the application SQL database, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Upgrade the plugin.
Affected versions
max 1.8.9.
Status
vulnerable
Previous vulnerability researches
Paid Downloads (7b8687f1f31900513fbd409159e7db1eb5299096) , Jun 15, 2026
Paid Downloads (da2b9264-2aa3-45b8-8db2-08b3cf0eab43) , Jun 15, 2026
Paid Downloads (68bf60106928ab6c04cb06ee967b5415f05a33b5) , Jun 07, 2024
Paid Downloads (CVE-2025-68857) , Jan 27, 2026
Zarinpal Paid Download (CVE-2024-13543) , Feb 02, 2025
New vulnerability
Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps &amp; One (CVE-2026-56052) , Jun 26, 2026
Cornerstone (CVE-2026-9710) , Jun 26, 2026
Cornerstone (CVE-2026-9709) , Jun 26, 2026
Essential Blocks – Page Builder Gutenberg Blocks, Patterns &amp; Templates (CVE-2026-10833) , Jun 26, 2026
Post Duplicator (CVE-2026-10749) , Jun 26, 2026