JS%20Archive%20List Details

JS Archive List

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2025-54726

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-9.3||CRITICAL

EPSS-0.04% / 10.51%

7 Day CHG~0.00%

Published-20 Aug, 2025 | 08:02

Updated-20 Aug, 2025 | 15:15

WordPress JS Archive List Plugin < 6.1.6 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Miguel Useche JS Archive List allows SQL Injection. This issue affects JS Archive List: from n/a through n/a.

Vendor-Miguel Useche

Product-JS Archive List

CWE ID-CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2025-7670

Assigner-Wordfence

View Details

Assigner-Wordfence

CVSS Score-7.5||HIGH

EPSS-0.10% / 28.01%

7 Day CHG+0.02%

Published-19 Aug, 2025 | 07:26

Updated-19 Aug, 2025 | 13:42

JS Archive List <= 6.1.5 - Unauthenticated SQL Injection via build_sql_where Function

The JS Archive List plugin for WordPress is vulnerable to time-based SQL Injection via the build_sql_where() function in all versions up to, and including, 6.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Vendor-skatox

Product-JS Archive List

CWE ID-CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')