CVE-2026-2232

CVE-2026-2232 affects the WordPress plugin Product Table and List Builder for WooCommerce Lite . Vulnerable component: the search functionality (search.php) where the parameter 'search' is not properly escaped, leading to a time-based SQL injection in all versions up to 4.6.2. Root cause: insuffi...

CVE-2026-1581 wpForo Forum <= 2.4.14 - Unauthenticated Time-Based SQL Injection

The wpForo Forum plugin for WordPress is vulnerable to time-based SQL Injection via the 'wpfob' parameter in all versions up to, and including, 2.4.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

CVE-2026-1581

CVE-2026-1581 affects wpForo Forum for WordPress up to version 2.4.14, where the GET parameter wpfob used for ORDER BY is unsafely concatenated into SQL, enabling time-based SQL injection and potential data disclosure. Public connected documents confirm the vulnerability is due to insufficient es...

PT-2026-6041

Name of the Vulnerable Software and Affected Versions SIBS woocommerce payment gateway plugin for WordPress versions up to and including 2.2.0 Description The SIBS woocommerce payment gateway plugin for WordPress is susceptible to time-based SQL Injection via the referencedId parameter. This is d...

CVE-2020-37051

Online-Exam-System 2015 contains a time-based blind SQL injection vulnerability in the feedback form that allows attackers to extract database password hashes. Attackers can exploit the 'feed.php' endpoint by crafting malicious payload requests that use time delays to systematically enumerate use...

CVE-2025-7714 Time Based SQLi in Global Medya's PHP CMS

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Global Interactive Design Media Software Inc. Content Management System CMS allows Command Line Execution through SQL Injection. This issue affects Content Management System CMS: through 21072025...

CVE-2026-0702

CVE-2026-0702 refers to VidShop – Shoppable Videos for WooCommerce (WordPress). Affected versions up to and including 1.1.4 are vulnerable to unauthenticated time-based SQL Injection via the fields parameter due to insufficient escaping and lack of proper SQL query preparation. This can enable an...

CVE-2021-28022

Blind SQL injection in the login form in ServiceTonic Helpdesk software 9.0.35937 allows attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries...

CVE-2025-10144

The Perfect Brands for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the brands attribute of the products shortcode in all versions up to, and including, 3.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVE-2025-65023

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/funcionariovinculocad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands...

EUVD-2025-197685

The Project Management, Team Collaboration, Kanban Board, Gantt Charts, Task Manager and More – WP Project Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘completedatoperator’ parameter in all versions up to, and including, 2.6.26 due to insufficient escaping on th...

EUVD-2021-15098

Malware in sbrugna...

EUVD-2023-43715

Malicious code in bioql PyPI...

EUVD-2021-30831

Malicious code in bioql PyPI...

EUVD-2025-23733

Malicious code in bioql PyPI...

EUVD-2024-47385

Malicious code in bioql PyPI...

CVE-2025-9463

The Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 1.117.5 due to insufficient escaping on the user supplied parameter and...

CVE-2025-10003

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uploadfileremove’ function and 'htmlvar' parameter in all versions up to, and including, 1.2.44 due to insufficient...

CVE-2025-10003 UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP <= 1.2.44 - Authenticated (Subscriber+) SQL Injection

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uploadfileremove’ function and 'htmlvar' parameter in all versions up to, and including, 1.2.44 due to insufficient...

CVE-2025-10003 UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP <= 1.2.44 - Authenticated (Subscriber+) SQL Injection

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uploadfileremove’ function and 'htmlvar' parameter in all versions up to, and including, 1.2.44 due to insufficient...