4695 matches found

Vulnrichment
added 2025/03/26 2:24 p.m., 4 views

CVE-2025-28873 WordPress Shuffle plugin <= 0.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Scott Taylor Shuffle shuffle allows Blind SQL Injection. This issue affects Shuffle: from n/a through <= 0.5...

CVSS 8.5, AI score 7.3, EPSS 0.00473
Exploits 0, References 1

CNNVD
added 2025/03/25 12:0 a.m., 1 views

WordPress plugin Web Directory Free SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...

CVSS 9.3, AI score 9.1, EPSS 0.00335
Exploits 0, References 3

CVE
added 2025/03/24 1:47 p.m., 66 views

CVE-2025-30604

CVE-2025-30604 affects JiangQie Official Website Mini Program (ZhuiGe Official Website Mini Program in EUVD context). Reported as an SQL Injection vulnerability (blind SQLi) in the Mini Program component, with affected versions ranging up to 1.8.2. The connected EUVD entry confirms the issue is p...

CVSS 7.6, AI score 7.3, EPSS 0.00419
Exploits 0, References 1

CNNVD
added 2025/03/24 12:0 a.m., 4 views

WordPress plugin JiangQie Official Website Mini Program SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in...

CVSS 7.6, AI score 8.9, EPSS 0.00419
Exploits 0, References 1

Cvelist
added 2025/03/20 7:3 p.m., 13 views

CVE-2025-29980 Blind SQL Injection vulnerability in eTRAKiT.Net

A SQL injection issue has been discovered in eTRAKiT.net release 3.2.1.77. Due to improper input validation, a remote unauthenticated attacker can run arbitrary commands as the current MS SQL server account. It is recommended that the CRM feature is turned off while on eTRAKiT.net release 3.2.1.7...

CVSS 9.8, EPSS 0.00528
Exploits 0, References 2

RedhatCVE
added 2025/03/17 10:29 p.m., 6 views

CVE-2025-27281

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in cookforweb All In Menu all-in-menu allows Blind SQL Injection. This issue affects All In Menu: from n/a through <= 1.1.5...

CVSS 8.5, AI score 7.3, EPSS 0.00304
Exploits 0, References 1

RedhatCVE
added 2025/03/16 7:12 p.m., 25 views

CVE-2024-12245

Logout functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in certain...

CVSS 8.7, AI score 7.9, EPSS 0.00349
Exploits 0, References 1

Vulnrichment
added 2025/03/15 9:57 p.m., 4 views

CVE-2025-27281 WordPress All In Menu Plugin <= 1.1.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in cookforweb All In Menu all-in-menu allows Blind SQL Injection. This issue affects All In Menu: from n/a through <= 1.1.5...

CVSS 8.5, AI score 8.9, EPSS 0.00304
Exploits 0, References 1

NVD
added 2025/03/14 6:15 p.m., 8 views

CVE-2024-54447

Saved search functionality contains a blind SQL injection that can be exploited by authenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in certain...

CVSS 7.1, EPSS 0.00293
Exploits 0, References 1

NVD
added 2025/03/14 6:15 p.m., 16 views

CVE-2024-12245

Logout functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in certain...

CVSS 8.7, EPSS 0.00349
Exploits 0, References 1

CVE
added 2025/03/14 6:11 p.m., 44 views

CVE-2024-12245

CVE-2024-12245 describes a blind SQL injection flaw in the logout functionality that can be exploited by unauthenticated attackers via time-based techniques to disclose database contents. Several connected records reference this vulnerability with the same core description, noting potential accou...

CVSS 8.7, AI score 8, EPSS 0.00349
Exploits 0, References 1

Vulnrichment
added 2025/03/14 6:11 p.m., 4 views

CVE-2024-12245 Blind SQL Injection in Logout

Logout functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in certain...

CVSS 8.7, AI score 8, EPSS 0.00349
Exploits 0, References 1

CVE
added 2025/03/14 5:57 p.m., 43 views

CVE-2024-54447

CVE-2024-54447 affects the LogicalDOC product where the saved search functionality contains a blind SQL injection. The issue can be exploited by authenticated users using a time-based blind SQLi technique to disclose all database contents. Depending on the presence or absence of entries in certai...

CVSS 7.1, AI score 7.8, EPSS 0.00293
Exploits 0, References 1

Cvelist
added 2025/03/14 5:57 p.m., 17 views

CVE-2024-54447 Blind SQLi in Saved Search

Saved search functionality contains a blind SQL injection that can be exploited by authenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in certain...

CVSS 7.1, EPSS 0.00293
Exploits 0, References 1

Vulnrichment
added 2025/03/14 5:57 p.m., 5 views

CVE-2024-54447 Blind SQLi in Saved Search

Saved search functionality contains a blind SQL injection that can be exploited by authenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in certain...

CVSS 7.1, AI score 7.7, EPSS 0.00293
Exploits 0, References 1

CVE
added 2025/03/14 5:53 p.m., 44 views

CVE-2024-54446

CVE-2024-54446 affects LogicalDOC, specifically the Document History feature. It is a blind SQL injection vulnerability that can be exploited by authenticated users to disclose database contents via a time-based technique; account takeover is possible depending on database table contents. The CVS...

CVSS 7.1, AI score 7.3, EPSS 0.00293
Exploits 0, References 1

Cvelist
added 2025/03/14 5:53 p.m., 18 views

CVE-2024-54446 Blind SQLi in Document History

Document history functionality contains a blind SQL injection that can be exploited by authenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in...

CVSS 7.1, EPSS 0.00293
Exploits 0, References 1

Cvelist
added 2025/03/14 5:49 p.m., 16 views

CVE-2024-54445 Blind SQLi in Login

Login functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in certain...

CVSS 8.7, EPSS 0.00349
Exploits 0, References 1

Vulnrichment
added 2025/03/14 5:49 p.m., 13 views

CVE-2024-54445 Blind SQLi in Login

Login functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in certain...

CVSS 8.7, AI score 7.6, EPSS 0.00349
Exploits 0, References 1

RedhatCVE
added 2025/03/09 11:45 a.m., 15 views

CVE-2025-1768

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to blind SQL Injection via the 'search' parameter in all versions up to, and including, 12.4.05 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVSS 6.5, AI score 7.2, EPSS 0.00478
Exploits 0, References 1