Total
16126 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-46248 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in M A Vinoth Kumar Frontend Dashboard allows SQL Injection. This issue affects Frontend Dashboard: from n/a through 2.2.5. | ||||
| CVE-2024-51579 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saleswonder.Biz 5 Stars Rating Funnel allows SQL Injection.This issue affects 5 Stars Rating Funnel: from n/a through 1.4.01. | ||||
| CVE-2024-33544 | 2 Aa-team, Wordpress | 2 Wzone, Wordpress | 2025-07-12 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone allows SQL Injection.This issue affects WZone: from n/a through 14.0.10. | ||||
| CVE-2024-37896 | 1 Flipped-aurora | 1 Gin-vue-admin | 2025-07-12 | 8.8 High |
| Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin <= v2.6.5 has SQL injection vulnerability. The SQL injection vulnerabilities occur when a web application allows users to input data into SQL queries without sufficiently validating or sanitizing the input. Failing to properly enforce restrictions on user input could mean that even a basic form input field can be used to inject arbitrary and potentially dangerous SQL commands. This could lead to unauthorized access to the database, data leakage, data manipulation, or even complete compromise of the database server. This vulnerability has been addressed in commit `53d033821` which has been included in release version 2.6.6. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-11732 | 2 Venutius, Wordpress | 2 Bp Profile Shortcodes Extra, Wordpress | 2025-07-12 | 6.5 Medium |
| The BP Profile Shortcodes Extra plugin for WordPress is vulnerable to time-based SQL Injection via the ‘tab’ parameter in all versions up to, and including, 2.6.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2025-28873 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Shuffle allows Blind SQL Injection. This issue affects Shuffle: from n/a through 0.5. | ||||
| CVE-2025-22507 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Benjamin Santalucia ([email protected]) WPMU Prefill Post allows SQL Injection.This issue affects WPMU Prefill Post: from n/a through 1.02. | ||||
| CVE-2024-55972 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Chris Carvache eTemplates allows SQL Injection.This issue affects eTemplates: from n/a through 0.2.1. | ||||
| CVE-2025-32681 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Guru Error Log Viewer allows Blind SQL Injection. This issue affects Error Log Viewer: from n/a through 1.0.5. | ||||
| CVE-2024-54258 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in anzia Ni CRM Lead allows SQL Injection.This issue affects Ni CRM Lead: from n/a through 1.3.0. | ||||
| CVE-2025-39595 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Quentn.com GmbH Quentn WP allows SQL Injection. This issue affects Quentn WP: from n/a through 1.2.8. | ||||
| CVE-2024-54261 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 10 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HK Digital Agency LLC TAX SERVICE Electronic HDM allows SQL Injection.This issue affects TAX SERVICE Electronic HDM: from n/a through 1.1.2. | ||||
| CVE-2024-28388 | 1 Prestashop | 1 Prestashop | 2025-07-12 | 9.8 Critical |
| SQL injection vulnerability in SunnyToo stproductcomments module for PrestaShop v.1.0.5 and before, allows a remote attacker to escalate privileges and obtain sensitive information via the StProductCommentClass::getListcomments method. | ||||
| CVE-2024-2723 | 1 Ciges | 1 Cigesv2 | 2025-07-12 | 9.8 Critical |
| SQL injection vulnerability in the CIGESv2 system, through /ajaxSubServicios.php, in the 'idServicio' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query. | ||||
| CVE-2024-56039 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes VibeBP allows SQL Injection.This issue affects VibeBP: from n/a before 1.9.9.7.7. | ||||
| CVE-2025-30843 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in setriosoft bizcalendar-web allows SQL Injection. This issue affects bizcalendar-web: from n/a through 1.1.0.34. | ||||
| CVE-2025-22348 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RTO GmbH DynamicTags allows Blind SQL Injection.This issue affects DynamicTags: from n/a through 1.4.0. | ||||
| CVE-2024-55984 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in susheelhbti Saksh Escrow System allows SQL Injection.This issue affects Saksh Escrow System: from n/a through 2.4. | ||||
| CVE-2025-39445 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection.This issue affects Super Store Finder: from n/a through 7.2. | ||||
| CVE-2025-23910 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Menus Plus+ allows SQL Injection. This issue affects Menus Plus+: from n/a through 1.9.6. | ||||