CVE-2026-42665

Summary (CVE-2026-42665): Unauthenticated SQL Injection in the WordPress plugin “WP Data Access” (versions

CVE-2026-24637

CVE-2026-24637 affects the WordPress PowerPress Podcasting plugin, specifically versions

FormLift for Infusionsoft Web Forms <= 7.5.17 - SQL Injection

The FormLift for Infusionsoft Web Forms plugin for WordPress is vulnerable to SQL Injection via the 'formid' parameter in versions up to, and including, 7.5.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVE-2026-9848 WP Ticket <= 6.0.4 - Unauthenticated SQL Injection via WordPress Search 's' Parameter

The WP Ticket plugin for WordPress is vulnerable to SQL Injection via the WordPress search query parameter s in versions up to, and including, 6.0.4 The plugin hooks WordPress's postsrequest filter with wpticketcompostsrequest, which calls emdauthorsearchresults when the current request is an...

PT-2026-49000

Name of the Vulnerable Software and Affected Versions CodeAstro Human Resource Management System version 1.0 Description An SQL injection issue exists within the Payroll Invoice Module. The flaw is located in the Invoice function of the applicationcontrollersPayroll.php file, where improper...

dvwa-web-attack-lab

Web Application Penetration Testing Lab Platform: Kali Li...

PT-2026-48664

SQL Injection vulnerability in damasac thaipalliative lte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php line 14 and the id parameter line 49. The parameters are concatenated directly into SQL queries without...

VulnCheck KEV: CVE-2026-3018

The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpmlsubscriberid’ parameter in all versions up to, and including, 4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

EUVD-2026-35195

A vulnerability has been found in CodeAstro Student Attendance Management System 1.0. This affects an unknown function of the file /attendance-php/Admin/createClass.php. The manipulation of the argument className leads to sql injection. It is possible to initiate the attack remotely. The exploit...

WordPress Advanced 301 and 302 Redirect plugin <= 1.6.9 - SQL Injection vulnerability

SQL Injection vulnerability discovered by dodoh4t in WordPress Plugin Advanced 301 and 302 Redirect versions = 1.6.9...

CVE-2026-11508

A vulnerability was determined in CodeAstro Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/searchstafftoassignpc.php. This manipulation of the argument Name causes sql injection. The attack is possible to be carried out remotely. The...

CVE-2026-11506

A vulnerability has been found in CodeAstro Leave Management System 1.0. This impacts an unknown function of the file /admin/searchstafffordeletion.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to t...

CVE-2026-11483

A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /archive4.php. The manipulation of the argument sy results in sql injection. The attack can be launched remotely. The exploit has been released to the public a...

CVE-2026-8978

The OptinCraft – Drag & Drop Optins & Popup Builder for WordPress plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

CVE-2026-9526

A vulnerability was found in itsourcecode Electronic Judging System 1.0. This vulnerability affects unknown code of the file /admin/editteam.php. The manipulation of the argument numid results in sql injection. The attack may be launched remotely. The exploit has been made public and could be use...

CVE-2025-53681

An improper neutralization of special elements used in an SQL Command "SQL Injection&" vulnerability CWE-89 vulnerability in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2.0 through 7.2.8 allows an authenticated privileged attacker to execute unauthorized cod...

CVE-2026-5100

The AWP Classifieds plugin for WordPress is vulnerable to SQL Injection via the 'regions' parameter array keys in versions up to, and including, 4.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

CVE-2026-49771

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue affects Photo Gallery by 10Web: from n/a through 1.8.41...

CVE-2026-1250

The Court Reservation – Manage Your Court Bookings Online plugin for WordPress is vulnerable to generic SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.10.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

CVE-2026-40831

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the Easy View due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...