2814 matches found
EUVD-2026-37711
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Brainstorm Force SureDash allows Blind SQL Injection. This issue affects SureDash: from n/a through 1.8.0...
CVE-2026-54185 WordPress Cornerstone plugin < 7.8.8 - SQL Injection vulnerability
Subscriber SQL Injection in Cornerstone 7.8.8 versions...
CVE-2026-49076 WordPress JetEngine plugin <= 3.8.9.1 - SQL Injection vulnerability
Unauthenticated SQL Injection in JetEngine = 3.8.9.1 versions...
CVE-2026-22340 WordPress WPJobster theme <= 6.3.5 - SQL Injection vulnerability
Unauthenticated SQL Injection in WPJobster = 6.3.5 versions...
CVE-2025-69135 WordPress Events Schedule - WordPress Events Calendar Plugin plugin <= 2.7.2 - SQL Injection vulnerability
Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin = 2.7.2 versions...
EUVD-2026-36910
Contributor SQL Injection in PowerPress Podcasting = 11.15.10 versions...
EUVD-2026-36926
Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free = 5.3 versions...
CVE-2026-42665
Unauthenticated SQL Injection in WP Data Access = 5.5.70 versions...
EUVD-2026-36903
Subscriber SQL Injection in Taskbuilder = 5.0.7 versions...
PT-2026-49225
WordPress Sliced Invoices 3.8.2 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send requests to the admin.php endpoint with action=duplicate quote invoice an...
PT-2026-49415
Unauthenticated SQL Injection in Contest Gallery = 28.1.6 versions...
CVE-2026-12175 CodeAstro Student Attendance Management System createStudents.php sql injection
A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of the file /attendance-php/Admin/createStudents.php. Performing a manipulation of the argument admissionNumber results in sql injection. Remote exploitation of the attack is...
CVE-2026-39494 WordPress Product Filter by WBW plugin <= 3.1.2 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WBW Plugins Product Filter by WBW allows Blind SQL Injection. This issue affects Product Filter by WBW: from n/a through 3.1.2...
CVE-2026-38581
SQL Injection vulnerability in damasac thaipalliativelte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php line 14 and the id parameter line 49. The parameters are concatenated directly into SQL queries without...
Updated roundcubemail packages fix security vulnerabilities
Multiple security vulnerabilities were discovered in RoundCube Webmail, which could result in cross-site scripting, SQL injection, SSRF bypass, information disclosure, denial of service or code injection...
WordPress Taskbuilder plugin <= 5.0.7 - SQL Injection vulnerability
SQL Injection vulnerability discovered by VanTastic in WordPress Plugin Taskbuilder versions = 5.0.7...
WordPress Newsletters plugin <= 4.13 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by wesley wcraft in WordPress Plugin Newsletters versions = 4.13...
EUVD-2026-35997
The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpmlsubscriberid’ parameter in all versions up to, and including, 4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
📄 Chatwoot 4.11.1 SQL Injection
This Metasploit module targets an authenticated SQL injection vulnerability in the conversation filtering functionality of Chatwoot instances up to version 4.11.1. ================================================================================================================================== |...
WordPress plugin Newsletters SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...