Jms Blog - SQL Injection

The module Jms Blog jmsblog from Joommasters contains a Time Based SQL injection vulnerability. This module is for the PrestaShop e-commerce platform and mainly provided with joommasters PrestaShop themes id: CVE-2023-27034 info: name: Jms Blog - SQL Injection author: MaStErChO severity: critical...

Doctor Appointment System 1.0 - SQL Injection

Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter. id: CVE-2021-27320 info: name: Doctor Appointment System 1.0 - SQL Injection author: theamanrawat severity: high description: | Blind S...

CVE-2017-20277

The CVE-2017-20277 entry concerns Joomla JoomRecipe 1.0.4. The connected Attackerkb entry confirms a bona fide vulnerability: a blind SQL injection in the search_author parameter on the search results page. Exploitation is described as sending POST requests to the search endpoint to perform boole...

CVE-2017-20277

Joomla JoomRecipe 1.0.4 component contains a blind SQL injection vulnerability in the searchauthor parameter on the search results page. Attackers can inject SQL code through POST requests to the search endpoint to extract database information using boolean-based blind SQL injection techniques...

CVE-2026-56012

The CVE concerns the WordPress plugin Media Library Assistant (vulnerable from unknown through 3.35). The issue is an SQL Injection due to improper neutralization of special elements in SQL commands, enabling blind SQL injection. Affected component is the plugin’s data handling for user input in ...

CVE-2026-54812

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in StylemixThemes Motors allows Blind SQL Injection. This issue affects Motors: from n/a through 1.4.109...

EUVD-2026-37727

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in StylemixThemes Motors allows Blind SQL Injection. This issue affects Motors: from n/a through 1.4.109...

CVE-2026-54812 WordPress Motors plugin <= 1.4.109 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in StylemixThemes Motors allows Blind SQL Injection. This issue affects Motors: from n/a through 1.4.109...

CVE-2026-54812

CVE-2026-54812 describes an SQL Injection in StylemixThemes Motors (WordPress plugin)

CVE-2026-54813

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Brainstorm Force SureDash allows Blind SQL Injection. This issue affects SureDash: from n/a through 1.8.0...

CVE-2026-54815

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection. This issue affects Cargo Shipping Location for WooCommerce: from n/a through 5.6...

CVE-2026-54815 WordPress Cargo Shipping Location for WooCommerce plugin <= 5.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection. This issue affects Cargo Shipping Location for WooCommerce: from n/a through 5.6...

CVE-2026-54818 WordPress Slimstat Analytics plugin <= 5.4.11 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VeronaLabs Slimstat Analytics allows Blind SQL Injection. This issue affects Slimstat Analytics: from n/a through 5.4.11...

EUVD-2026-37703

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Webilia Inc. Listdom allows Blind SQL Injection. This issue affects Listdom: from n/a through 5.4.0...

PT-2026-50416

Name of the Vulnerable Software and Affected Versions WP Travel Gutenberg Blocks versions prior to 3.9.4 Description Improper Neutralization of Special Elements used in an SQL Command allows Blind SQL Injection. Blind SQL Injection is a type of attack where the application does not return data...

CVE-2026-49073 WordPress Directorist Booking plugin <= 3.0.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in wpWax Directorist Booking allows Blind SQL Injection. This issue affects Directorist Booking: from n/a through 3.0.3...

EUVD-2026-37057

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. This issue affects The Events Calendar: from 6.15.12 through 6.16.2...

CVE-2026-49772

CVE-2026-49772 affects WordPress plugin The Events Calendar (Liquid Web / StellarWP) versions 6.15.12–6.16.2. The issue is an SQL Injection due to improper neutralization of special elements, enabling blind SQL injection. CVSS 3.1 base score 9.3 (CRITICAL) with AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L...

PT-2026-50125

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in wpWax Directorist Booking allows Blind SQL Injection. This issue affects Directorist Booking: from n/a through 3.0.3...

PT-2026-49206

WordPress Booking Calendar Contact Form version 1.0.23 contains an unauthenticated blind SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send requests to the admin-ajax.php endpoint wit...