4662 matches found
CVE-2025-69304 WordPress Allmart plugin <= 1.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TeconceTheme Allmart allmart-core allows Blind SQL Injection. This issue affects Allmart: from n/a through <= 1.1...
CVE-2025-69295
CVE-2025-69295 is a Blind SQL Injection vulnerability in the WordPress Coven Core (coven-core) plugin. Affected versions are Coven Core up to 1.3. The root cause is improper neutralization/sanitization of user input before SQL query construction, enabling remote attackers to craft queries that af...
CVE-2025-69295 WordPress Coven Core plugin <= 1.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TeconceTheme Coven Core coven-core allows Blind SQL Injection. This issue affects Coven Core: from n/a through <= 1.3...
CVE-2025-10970
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Kolay Software Inc. Talentics allows Blind SQL Injection. This issue affects Talentics: through 20022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...
CVE-2025-10970
CVE-2025-10970 applies to Kolay Software Inc. Talentics (through version 20022026). The issue is an SQL Injection in Talentics caused by improper neutralization of special elements in SQL commands, enabling Blind SQL Injection. Several sources (NVD/Red Hat/CVE listing) confirm the vulnerability d...
PT-2026-21131
Name of the Vulnerable Software and Affected Versions: TeconceTheme Allmart versions through 1.1. Description: The software contains an Improper Neutralization of Special Elements used in an SQL Command vulnerability, specifically a Blind SQL Injection issue. This allows for potential exploitation...
PT-2026-21134
Name of the Vulnerable Software and Affected Versions: TeconceTheme Medinik Core versions through 1.3.6. Description: A flaw exists in TeconceTheme Medinik Core medinik-core that allows for Blind SQL Injection due to improper neutralization of special elements used in an SQL command. Recommendations...
PT-2026-21238
Name of the Vulnerable Software and Affected Versions: JoomSky JS Help Desk versions through 3.0.1. Description: A flaw exists in JoomSky JS Help Desk js-support-ticket that allows for Blind SQL Injection due to improper neutralization of special elements used in an SQL command. This issue could...
PT-2026-21237
Name of the Vulnerable Software and Affected Versions: Shahjada Download Manager Addons for Elementor versions through 1.3.0. Description: The software contains a flaw due to improper neutralization of special elements within SQL commands, leading to a Blind SQL Injection condition. The vulnerabilit...
CVE-2025-59920
When hours are entered in time@work, version 7.0.5, it performs a query to display the projects assigned to the user. If the query URL is copied and opened in a new browser window, the ‘IDClient’ parameter is vulnerable to a blind authenticated SQL injection. If the request is made with the TWAdm...
CVE-2026-2247
SQL injection vulnerability (SQLi) in Clicldeu SaaS, specifically in the generation of reports, which occurs when a previously authenticated remote attacker executes a malicious payload in the URL generated after downloading the student's report card in the ‘Day-to-day’ section from the mobile...
CVE-2026-1258
The Mail Mint plugin for WordPress is vulnerable to blind SQL Injection via the 'forms', 'automation', 'email/templates', and 'contacts/import/tutorlms/map' API endpoints in all versions up to, and including, 1.19.2. This is due to insufficient escaping on the user supplied 'order-by',...
CVE-2026-1258 Mail Mint <= 1.19.2 - Authenticated (Administrator+) SQL Injection via Multiple API Endpoints
The Mail Mint plugin for WordPress is vulnerable to blind SQL Injection via the 'forms', 'automation', 'email/templates', and 'contacts/import/tutorlms/map' API endpoints in all versions up to, and including, 1.19.2. This is due to insufficient escaping on the user supplied 'order-by',...
CVE-2025-10969
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Blind SQL Injection. This issue affects E-Commerce Package: through 27112025...
CVE-2025-10969 SQLi in Farktor Software's E-Commerce Package
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Blind SQL Injection. This issue affects E-Commerce Package: through 27112025...
CVE-2026-25947 Worklenz Boolean-Based Blind SQL Injection via Improper ORDER BY Clause Input Validation
Worklenz is a project management tool. Prior to 2.1.7, multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and resource allocatio...
WordPress MStore API <= 4.0.1 - Unauthenticated SQL Injection
The MStore API plugin for WordPress up to version 4.0.1 contains an unauthenticated blind SQL injection caused by insufficient escaping of the 'id' parameter in SQL queries, letting attackers execute arbitrary SQL commands without authentication. Exploitation requires sending crafted requests with malicious...
CVE-2026-25544
Payload is a free and open source headless content management system. Prior to 3.73.0, when querying JSON or richText fields, user input was directly embedded into SQL without escaping, enabling blind SQL injection attacks. An unauthenticated attacker could extract sensitive data emails, password...