121 matches found
PT-2025-36344
Name of the Vulnerable Software and Affected Versions: UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress versions through 1.2.44
Description: The UsersWP plugin for WordPress is susceptible to a time-based SQL Injection issue due to...
CVE-2025-9441 iATS Online Forms <= 1.2 - Authenticated (Contributor+) SQL Injection via order Parameter
The iATS Online Forms plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...
CVE-2025-8977
The Simple Download Monitor plugin for WordPress is vulnerable to time-based SQL Injection via the order parameter in all versions up to, and including, 3.9.33 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
PT-2025-33712 · WordPress · Js Archive List
Name of the Vulnerable Software and Affected Versions: JS Archive List plugin for WordPress versions up to and including 6.1.5
Description: The JS Archive List plugin for WordPress is susceptible to time-based SQL Injection through the build sql where function. This is due to insufficient escapin...
CVE-2025-6184 Tutor LMS Pro – eLearning and online course solution <= 3.7.0 - Authenticated (Tutor Instructor+) SQL Injection
The Tutor LMS Pro – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter used in the getsubmittedassignments function in all versions up to, and including, 3.7.0 due to insufficient escaping on the user supplied parameter an...
CVE-2025-5339
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘bsaproid’ parameter in all versions up to, and including, 4.89 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...
CVE-2025-40666 Time-based blind SQL injection vulnerability in TCMAN GIM v11
Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through the ArbolID parameter in /GIMWeb/PC/frmPreventivosList.aspx...
CVE-2024-9874
The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 5.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2021-43969
The login.jsp page of Quicklert for Digium 10.0.0 1043 is affected by both Blind SQL Injection with Out-of-Band Interaction DNS and Blind Time-Based SQL Injections. Exploitation can be used to disclose all data within the database up to and including the administrative accounts' login IDs and...
CVE-2020-35151
The Online Marriage Registration System 1.0 POST parameter "searchdata" in the user/search.php request is vulnerable to time-based SQL injection...
CVE-2019-20613
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is time-based SQL injection in Contacts. The Samsung ID is SVE-2018-13452 (March 2019)...
CVE-2025-46546
In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects api/gui/asset/list, /api/gui/files/export/csv/, /api/gui/files/list, /api/gui/process/export/csv, /api/gui/process/export/xlsx, /api/gui/process/listAll,...
CVE-2024-54447
Saved search functionality contains a blind SQL injection that can be exploited by authenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in certain...
CVE-2024-6265
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uwpsortby’ parameter in all versions up to, and including, 1.2.10 due to insufficient escaping on the user supplied...
CVE-2024-9201
The SEUR plugin, in its versions prior to 2.5.11, is vulnerable to time-based SQL injection through the use of the ‘idorder’ parameter of the ‘/modules/seur/ajax/saveCodFee.php’ endpoint...
CVE-2024-9201
The SEUR Oficial plugin is affected by a time-based SQL injection in versions before 2.5.11, exploitable via the id_order parameter at /modules/seur/ajax/saveCodFee.php. Patch to 2.5.11+ (or later) to fix; the vulnerability is documented with high-severity CVSS metrics and patch status indicating...
U.S. Dept Of Defense: Time-based blind SQL injection
A time-based blind SQL injection vulnerability was discovered in the sortBy parameter of the web application's SearchDocs.aspx functionality. The vulnerability was identified by observing differences in the server's response time when specific payloads were used. This type of vulnerability could...
VICIdial Unauthenticated SQL Injection
Vulnerability Details
Affected Vendor: VICIdial
Affected Product: VICIdial
Affected Version: 2.14-917a
Platform: GNU/Linux
CWE Classification: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE ID: CVE-2024-8503
2. Vulnerability Description
An...
CVE-2024-7717
CVE-2024-7717 – In WP Events Manager for WordPress, there is a time-based SQL Injection in the order parameter affecting all versions up to 2.1.11. Exploitation requires Subscriber+ level authentication and can cause injection of additional SQL to extract sensitive data. According to connected RH...