CVE-2024-13435
The CVE-2024-13435 case concerns the Ebook Downloader WordPress plugin. The vulnerability is an unauthenticated SQL Injection in the download parameter, affecting all versions up to 1.0, caused by insufficient escaping of user input and a poorly prepared SQL query. Exploitation could allow an att...
CVE-2021-4340
The uListing plugin for WordPress is vulnerable to generic SQL Injection via the ‘listingid’ parameter in versions up to, and including, 1.6.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2022-2717
The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter on the joomsport-events-form page in versions up to, and including, 5.2.5 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2024-7780
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to generic SQL Injection via the id parameter in versions 2.0 to 2.13.9 due to insufficient escaping on the user-supplied parameter and la...
CVE-2024-3549
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the 'b2sSortPostType' parameter in all versions up to, and including, 7.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...
CVE-2024-3217
The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'attributevalue' and 'attributeid' parameters in all versions up to, and including, 1.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2024-3518
The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcodes in all versions up to, and including, 3.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...
CVE-2024-1173
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.13.1 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2024-1797
The WP ULike – Most Advanced WordPress Marketing Toolkit plugin for WordPress is vulnerable to SQL Injection via the 'status' and 'id' attributes of the 'wpulikecounter' and 'wpulike' shortcodes in all versions up to, and including, 4.6.9 due to insufficient escaping on the user supplied paramete...
CVE-2024-2876
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IGESSubscribersQuery' class in all versions up to, and including, 5.7.14 due to insufficient escaping ...
CVE-2024-4743
The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to SQL Injection via the orderBy attribute of the lifterlmsfavorites shortcode in all versions up to, and including, 7.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2024-8757
The WP Post Author – Boost Your Blog's Engagement with Author Box, Social Links, Co-Authors, Guest Authors, Post Rating System, and Custom User Registration Form Builder plugin for WordPress is vulnerable to time-based SQL Injection via the linkeduserid parameter in all versions up to, and...
CVE-2024-8522
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'conlyfields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2024-13496
The CVE-2024-13496 entry affects the GamiPress – Gamification WordPress plugin. It describes a time-based SQL Injection via the orderby parameter in all versions up to 7.3.1 due to insufficient escaping and query preparation, enabling unauthenticated attackers to append SQL and potentially read s...
CVE-2024-12615 Passwords Manager <= 1.4.8 - Authenticated (Subscriber+) SQL Injection
The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb->prefix value in several AJAX actions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2024-52969
An Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability CWE-89 in FortiSIEM version 7.1.7 and below, version 7.1.0, version 7.0.3 and below, version 6.7.9 and below, 6.7.8, version 6.6.5 and below, version 6.5.3 and below, version 6.4.4 and below...
CVE-2024-52969
CVE-2024-52969 is an SQL injection in FortiSIEM Update/Create Case feature. Concrete details from connected PT-2025-2947 confirm the vulnerability affects FortiSIEM versions: 7.1.7 and below, 7.0.3 and below, 6.7.9 and below, 6.6.5 and below, 6.5.3 and below, and 6.4.4 and below. The root cause i...
CVE-2024-12157
CVE-2024-12157 details (WordPress Plugin: Popup – MailChimp, GetResponse and ActiveCampaign Intergrations) Affected product: Popup – MailChimp, GetResponse and ActiveCampaign Intergrations (WordPress plugin) Vulnerability: SQL Injection via the id parameter of the upc_delete_db_record AJAX action...
CVE-2024-12416 Woomotiv <= 3.6.1 - Unauthenticated SQL Injection
The Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress is vulnerable to SQL Injection via the 'woomotivseenproducts.' cookie in all versions up to, and including, 3.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...