4645 matches found
CVE-2026-49771
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue affects Photo Gallery by 10Web: from n/a through 1.8.41...
CVE-2026-49771
Summary of CVE-2026-49771 : The WordPress Photo Gallery by 10Web plugin (versions up to 1.8.41) is affected by an SQL Injection vulnerability due to improper neutralization of special elements. The issue enables blind SQL injection. Details in connected documents specify the affected product and ...
Doctor Appointment System 1.0 - SQL Injection
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter. id: CVE-2021-27320 info: name: Doctor Appointment System 1.0 - SQL Injection author: theamanrawat severity: high description: | Blind S...
PT-2026-46215
WordPress Plugin Google Review Slider 6.1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'tid' parameter. Attackers can send GET requests to the admin interface with malicious 'tid'...
CVE-2026-42684
CVE-2026-42684 affects WordPress WP Job Portal plugin versions up to 2.5.1. It is an SQL Injection due to improper neutralization of special elements in SQL commands, described as a blind SQL injection. According to the sources, the issue impacts the plugin in a network-inspired attack with high ...
CVE-2026-42672
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory Kit: from n/a through 1.5.1...
CVE-2026-42672 WordPress WP Directory Kit plugin <= 1.5.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory Kit: from n/a through 1.5.1...
CVE-2026-42672 WordPress WP Directory Kit plugin <= 1.5.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory Kit: from n/a through 1.5.1...
CVE-2026-42672
CVE-2026-42672 affects WordPress plugin WP Directory Kit (
EUVD-2026-33691
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory Kit: from n/a through 1.5.1...
PT-2026-45459
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory Kit: from n/a through 1.5.1...
Jms Blog - SQL Injection
The module Jms Blog jmsblog from Joommasters contains a Time Based SQL injection vulnerability. This module is for the PrestaShop e-commerce platform and mainly provided with joommasters PrestaShop themes id: CVE-2023-27034 info: name: Jms Blog - SQL Injection author: MaStErChO severity: critical...
CVE-2026-44886
Pi.Alert’s web interface is vulnerable to unauthenticated blind SQL injection in the /pialert/php/server/devices.php endpoint when action=getDevicesTotals is used and the scansource parameter is injected. From 2024-06-29 until 2026-05-07, unauthenticated users could trigger the vulnerability; the...
CVE-2026-49046 WordPress Duplicate Page and Post plugin <= 2.9.5 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Arjun Thakur Duplicate Page and Post allows Blind SQL Injection. This issue affects Duplicate Page and Post: from n/a through 2.9.5...
CVE-2026-49046 WordPress Duplicate Page and Post plugin <= 2.9.5 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Arjun Thakur Duplicate Page and Post allows Blind SQL Injection. This issue affects Duplicate Page and Post: from n/a through 2.9.5...
CVE-2026-42761
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows Blind SQL Injection.This issue affects Active Products Tables for WooCommerce: from n/a through = 1.0...
CVE-2026-42747
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL Injection.This issue affects Easy Form Builder: from n/a through = 4.0.6...
CVE-2026-42730
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection.This issue affects MasterStudy LMS: from n/a through = 3.7.29...
CVE-2026-42727
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows Blind SQL Injection.This issue affects Active Products Tables for WooCommerce: from n/a through = 1.0...
CVE-2026-42740
The connected sources confirm a SQL Injection vulnerability in the WordPress Tainacan plugin, affecting version range