CVE-2025-55708 WordPress Quiz And Survey Master Plugin <= 10.2.4 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ExpressTech Systems Quiz And Survey Master allows SQL Injection. This issue affects Quiz And Survey Master: from n/a through 10.2.4...

CVE-2025-8972 itsourcecode Online Tour and Travel Management System page-login.php sql injection

A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/page-login.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been...

CVE-2025-8972

CVE-2025-8972 affects itsourcecode Online Tour and Travel Management System 1.0. A SQL injection exists in /admin/page-login.php due to improper handling of the email parameter, enabling remote exploitation without authentication. Public disclosure of the exploit is noted. Impact is described acr...

CVE-2025-8970 itsourcecode Online Tour and Travel Management System booking.php sql injection

A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /admin/operations/booking.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclose...

CVE-2025-8966

A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/operations/tax.php. The manipulation of the argument tname leads to sql injection. The attack may be initiated remotely. The exploit has been...

Apache Superset has bypass of `DISALLOWED_SQL_FUNCTIONS` that allows execution of blocked SQL functions

A bypass of the DISALLOWEDSQLFUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions. An attacker can use a special inline block to circumvent the denylist. This allows a user with SQL Lab access to execute functions that were intended to be disabled, leadi...

CVE-2025-55674

A bypass of the DISALLOWEDSQLFUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions. An attacker can use a special inline block to circumvent the denylist. This allows a user with SQL Lab access to execute functions that were intended to be disabled, leadi...

CVE-2025-54707

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows SQL Injection.This issue affects MDTF: from n/a through = 1.3.3.7...

CVE-2025-52820

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in infosoftplugin WooCommerce Point Of Sale POS woo-point-of-salepos allows SQL Injection.This issue affects WooCommerce Point Of Sale POS: from n/a through = 1.4...

CVE-2025-49267

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Shabti Kaplan Frontend Admin by DynamiApps acf-frontend-form-element allows Blind SQL Injection.This issue affects Frontend Admin by DynamiApps: from n/a through = 3.28.3...

CVE-2025-49033

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Blind SQL Injection.This issue affects ProfileGrid : from n/a through = 5.9.5.3...

CVE-2025-54707

CVE-2025-54707 : SQL Injection in RealMag777 MDTF (MDTF WordPress plugin). Affected: RealMag777 MDTF up to version 1.3.3.7. Root cause: improper neutralization of special elements in SQL commands. Impact (per sources): potential SQL injection with high risk (CVSS v3.1/CRITICAL, network attack sur...

CVE-2025-39510

CVE-2025-39510 affects the WordPress plugin “Pinterest Automatic Pin” (ValvePress). The issue is an SQL Injection due to improper neutralization of inputs in the plugin prior to version 4.19.0. Affected versions are those before 4.19.0 (reported as

CVE-2025-49059 WordPress CleverReach® WP Plugin <= 1.5.20 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in CleverReach® CleverReach® WP cleverreach-wp allows SQL Injection.This issue affects CleverReach® WP: from n/a through = 1.5.20...

CVE-2025-49267 WordPress Frontend Admin by DynamiApps <= 3.28.3 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Shabti Kaplan Frontend Admin by DynamiApps allows Blind SQL Injection. This issue affects Frontend Admin by DynamiApps: from n/a through 3.28.3...

CVE-2025-52720

CVE-2025-52720 affects WordPress plugins: Super Store Finder (versions =7.5) to mitigate.

CVE-2025-52820 WordPress WooCommerce Point Of Sale (POS) <= 1.4 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in infosoftplugin WooCommerce Point Of Sale POS woo-point-of-salepos allows SQL Injection.This issue affects WooCommerce Point Of Sale POS: from n/a through = 1.4...

CVE-2025-8957 Campcodes Online Flight Booking Management System flights.php sql injection

A vulnerability was determined in Campcodes Online Flight Booking Management System 1.0. Affected is an unknown function of the file /flights.php. The manipulation of the argument departureairportid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclos...

CVE-2025-8953

A vulnerability was determined in SourceCodester COVID 19 Testing Management System 1.0. Affected by this issue is some unknown functionality of the file /checkavailability.php. The manipulation of the argument employeeid leads to sql injection. The attack may be launched remotely. The exploit ha...

CVE-2025-8952

A vulnerability was found in Campcodes Online Flight Booking Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be...