1135 matches found
WordPress Eagle Booking plugin <= 1.3.4.3 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Bonds in WordPress Plugin Eagle Booking versions <= 1.3.4.3...
CVE-2025-69305
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TeconceTheme Crete Core crete-core allows Blind SQL Injection. This issue affects Crete Core: from n/a through <= 1.4.3...
CVE-2026-24959 WordPress JS Help Desk plugin <= 3.0.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection. This issue affects JS Help Desk: from n/a through <= 3.0.1...
CVE-2026-24956 WordPress Download Manager Addons for Elementor plugin <= 1.3.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Shahjada Download Manager Addons for Elementor wpdm-elementor allows Blind SQL Injection. This issue affects Download Manager Addons for Elementor: from n/a through <= 1.3.0...
CVE-2025-69337 WordPress Wolmart Core plugin <= 1.9.6 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in don-themes Wolmart Core wolmart-core allows Blind SQL Injection. This issue affects Wolmart Core: from n/a through <= 1.9.6...
CVE-2025-69337
CVE-2025-69337 corresponds to an SQL Injection vulnerability in the WordPress Wolmart Core plugin (wolmart-core) up to version 1.9.6. The issue is described as a Blind SQL Injection arising from improper neutralization of special elements in SQL commands. Wordfence’s vulnerability feed lists Wolm...
CVE-2025-69310 WordPress Woodly Core plugin <= 1.4 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TeconceTheme Woodly Core woodly-core allows Blind SQL Injection. This issue affects Woodly Core: from n/a through <= 1.4...
CVE-2025-69304 WordPress Allmart plugin <= 1.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TeconceTheme Allmart allmart-core allows Blind SQL Injection. This issue affects Allmart: from n/a through <= 1.1...
CVE-2026-26980
CVE-2026-26980 is Ghost CMS unauthenticated SQL injection in the Content API (pre-6.19.1). Affected Ghost versions are 3.24.0 through 6.19.0; fixed in 6.19.1. The vulnerability allows reading arbitrary data from the database, with reports indicating attackers can exfiltrate sensitive data such as...
PT-2026-21131
Name of the Vulnerable Software and Affected Versions: TeconceTheme Allmart versions through 1.1. Description: The software contains an Improper Neutralization of Special Elements used in an SQL Command vulnerability, specifically a Blind SQL Injection issue. This allows for potential exploitation...
PT-2026-21238
Name of the Vulnerable Software and Affected Versions: JoomSky JS Help Desk versions through 3.0.1. Description: A flaw exists in JoomSky JS Help Desk js-support-ticket that allows for Blind SQL Injection due to improper neutralization of special elements used in an SQL command. This issue could...
CVE-2026-25378
CVE-2026-25378 affects the Nelio AB Testing WordPress plugin (
CVE-2026-25378 WordPress Nelio AB Testing plugin <= 8.2.4 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Blind SQL Injection. This issue affects Nelio AB Testing: from n/a through <= 8.2.4...
CVE-2026-23805 WordPress Media Search Enhanced plugin <= 0.9.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Yoren Chang Media Search Enhanced media-search-enhanced allows SQL Injection. This issue affects Media Search Enhanced: from n/a through <= 0.9.1...
CVE-2026-2576
The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'payment' parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user-supplied parameter and lack of sufficient...
CVE-2026-0722
CVE-2026-0722: Shield Security for WordPress has a CSRF to SQL Injection vulnerability in versions up to 21.0.8 due to nonce verification bypass in isNonceVerifyRequired, enabling unauthenticated attackers to extract data via forged requests when a site admin is tricked into action. The issue is ...
PT-2026-20740
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in bitpressadmin Bit Form bit-form allows SQL Injection. This issue affects Bit Form: from n/a through <= 2.21.10...
CVE-2026-1317 WP Import – Ultimate CSV XML Importer for WordPress <= 7.37 - Authenticated (Subscriber+) SQL Injection via File Name
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 7.37. This is due to insufficient escaping on the filename parameter which is stored in the database during file upload and later used in raw SQL queri...
CVE-2025-70149
CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection in printmembershipcard.php via the ID parameter...
WordPress Wolmart Core plugin <= 1.9.6 - SQL Injection vulnerability
SQL Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Wolmart Core versions <= 1.9.6...