PT-2025-25670 · Wpdistillery · Wpdistillery Navigation Tree Elementor

Name of the Vulnerable Software and Affected Versions: wpdistillery Navigation Tree Elementor versions 1.0.1 and earlier Description: The issue is related to an SQL Injection vulnerability, specifically Improper Neutralization of Special Elements used in an SQL Command. This allows for Blind SQL...

WordPress plugin Navigation Tree Elementor SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerability...

PT-2025-25686 · Unknown · Wp Job Portal

Name of the Vulnerable Software and Affected Versions: WP Job Portal versions n/a through 2.3.2 Description: The issue is related to an SQL Injection vulnerability, specifically an Improper Neutralization of Special Elements used in an SQL Command. This allows for Blind SQL Injection, which can b...

PT-2025-25682 · Mojoomla · Mojoomla School Management

Name of the Vulnerable Software and Affected Versions: mojoomla School Management versions n/a through 92.0.0 Description: The issue is related to an SQL Injection vulnerability, specifically Improper Neutralization of Special Elements used in an SQL Command. This allows for Blind SQL Injection,...

CVE-2025-24767

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in facturaone TicketBAI Facturas para WooCommerce wp-ticketbai allows Blind SQL Injection.This issue affects TicketBAI Facturas para WooCommerce: from n/a through = 3.19...

CVE-2025-31424

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav WP Lead Capturing Pages leadcapture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through 2.6...

CVE-2025-48281

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in mystyleplatform MyStyle Custom Product Designer mystyle-custom-product-designer allows Blind SQL Injection.This issue affects MyStyle Custom Product Designer: from n/a through = 3.21.1...

CVE-2025-30507

CyberData 011209 Intercom could allow an unauthenticated user to gather sensitive information through blind SQL injections...

CVE-2025-31424

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav WP Lead Capturing Pages leadcapture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through 2.6...

CVE-2025-31424

CVE-2025-31424 describes an unauthenticated SQL Injection in the WordPress plugin WP Lead Capturing Pages (Kamleshyadav) affecting versions up to 2.3. The vulnerability arises from improper neutralization of input elements used in SQL commands, enabling blind SQL injection. The associated CVSS 3....

CVE-2025-48281

The CVE describes a SQL Injection vulnerability in the WordPress plugin MyStyle Custom Product Designer (versions up to and including 3.21.1). The issue stems from improper neutralization of user-supplied input and insufficient query preparation, enabling blind SQL injection. Unauthenticated atta...

CVE-2025-49263

The CVE-2025-49263 entry concerns WC Vendors Marketplace (WC Vendors) for WordPress, with an SQL Injection vulnerability in WC Vendors Marketplace that affects versions up to 2.5.6. The vulnerability stems from improper neutralization of special elements in SQL commands, enabling Blind SQL Inject...

CVE-2025-49263 WordPress WC Vendors Marketplace <= 2.5.6 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WCVendors WC Vendors Marketplace allows Blind SQL Injection. This issue affects WC Vendors Marketplace: from n/a through 2.5.6...

CVE-2025-40666 Time-based blind SQL injection vulnerability in TCMAN GIM v11

Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through ArbolID parameter in/GIMWeb/PC/frmPreventivosList.aspx...

CVE-2025-40665 Time-based blind SQL injection vulnerability in TCMAN GIM v11

Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through ArbolID parameter in /GIMWeb/PC/frmCorrectivosList.aspx...

CVE-2025-40665 Time-based blind SQL injection vulnerability in TCMAN GIM v11

Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through ArbolID parameter in /GIMWeb/PC/frmCorrectivosList.aspx...

CVE-2025-31914

CVE-2025-31914 concerns the WordPress plugin Pixel WordPress Form BuilderPlugin & Autoresponder. Connected sources confirm an SQL Injection vulnerability caused by improper neutralization of special elements in SQL commands, enabling blind SQL injection. Affected software: Pixel WordPress Form Bu...

CVE-2025-39504

CVE-2025-39504 (GoodLayers Hotel) is a SQL Injection vulnerability affecting Goodlayers Hotel versions up to 3.1.4. The vulnerability is described as Blind SQL Injection with improper neutralization of input, yielding CRITICAL impact (CVSS 3.1: 9.3; Network, high confidentiality impact). The Conn...

CVE-2025-46539 WordPress Fable Extra <= 1.0.6 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPFable Fable Extra allows Blind SQL Injection. This issue affects Fable Extra: from n/a through 1.0.6...

CVE-2025-46539 WordPress Fable Extra plugin <= 1.0.6 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPFable Fable Extra fable-extra allows Blind SQL Injection.This issue affects Fable Extra: from n/a through = 1.0.6...