CVE-2026-57667

Sales Representative SQL Injection in Groundhogg = 4.5 versions...

CVE-2026-57662

Contributor SQL Injection in Contest Gallery = 30.0.0 versions...

CVE-2026-57653

Contributor SQL Injection in WP Job Portal = 2.5.2 versions...

CVE-2026-57643

Contributor SQL Injection in WP Post Author = 3.9.1 versions...

CVE-2026-57636

Contributor SQL Injection in wpForo Forum = 3.0.9 versions...

CVE-2026-57628

Administrator SQL Injection in WP All Import = 4.0.1 versions...

CVE-2026-57628 WordPress WP All Import plugin <= 4.0.1 - SQL Injection vulnerability

Administrator SQL Injection in WP All Import = 4.0.1 versions...

CVE-2026-56067 WordPress JetSmartFilters plugin <= 3.8.3 - SQL Injection vulnerability

Unauthenticated SQL Injection in JetSmartFilters = 3.8.3 versions...

CVE-2026-56034

Unauthenticated SQL Injection in Library Management System = 3.5.7 versions...

CVE-2026-54831

Unauthenticated SQL Injection in GeoDirectory = 2.8.162 versions...

CVE-2026-54825

Unauthenticated SQL Injection in wpDataTables = 7.4 versions...

WordPress Recipe Maker For Your Food Blog from Zip Recipes plugin <= 8.2.7 - SQL Injection vulnerability

SQL Injection vulnerability discovered by ParkHyunWoo in WordPress Plugin Recipe Maker For Your Food Blog from Zip Recipes versions = 8.2.7...

WordPress Restaurant Menu by MotoPress plugin <= 2.4.10 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Baikuya in WordPress Plugin Restaurant Menu by MotoPress versions = 2.4.10...

WordPress wpForo Forum plugin <= 3.0.9 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin wpForo Forum versions = 3.0.9...

WordPress WP Post Author plugin <= 3.9.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by hhhai in WordPress Plugin WP Post Author versions = 3.9.1...

WordPress Gallery plugin <= 4.7.8 - SQL Injection vulnerability

SQL Injection vulnerability discovered by dodoh4t in WordPress Plugin Gallery versions = 4.7.8...

WordPress Popup box plugin <= 6.0.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Doan Dinh Van in WordPress Plugin Popup box versions = 6.0.1...

WordPress WP All Import plugin <= 4.0.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin WP All Import versions = 4.0.1...

RSVPMaker <= 9.2.5 - SQL Injection

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-util.php file. This makes it possible for unauthenticated attackers to steal sensitive information from t...

Cost Calculator Builder <= 3.2.15 - SQL Injection

The Cost Calculator Builder plugin for WordPress is vulnerable to SQL Injection via discount codes in versions up to, and including, 3.2.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...