CVE-2024-54447 Blind SQLi in Saved Search

Saved search functionality contains a blind SQL injection that can be exploited by authenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in certain...

CVE-2024-54447 Blind SQLi in Saved Search

Saved search functionality contains a blind SQL injection that can be exploited by authenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in certain...

CVE-2024-54447

CVE-2024-54447 affects the LogicalDOC product where the saved search functionality contains a blind SQL injection. The issue can be exploited by authenticated users using a time-based blind SQLi technique to disclose all database contents. Depending on the presence or absence of entries in certai...

CVE-2024-54446

CVE-2024-54446 affects LogicalDOC, specifically the Document History feature. It is a blind SQL injection vulnerability that can be exploited by authenticated users to disclose database contents via a time-based technique; account takeover is possible depending on database table contents. The CVS...

CVE-2024-54446 Blind SQLi in Document History

Document history functionality contains a blind SQL injection that can be exploited by authenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in...

CVE-2024-54445 Blind SQLi in Login

Login functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in certain...

CVE-2024-54445 Blind SQLi in Login

Login functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in certain...

CVE-2025-1768

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to blind SQL Injection via the 'search' parameter in all versions up to, and including, 12.4.05 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVE-2025-1768

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to blind SQL Injection via the 'search' parameter in all versions up to, and including, 12.4.05 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVE-2025-1768

CVE-2025-1768 affects the SEO Plugin by Squirrly SEO for WordPress. The vulnerability is a blind SQL Injection in the plugin’s search parameter, exploitable on all versions up to 12.4.05 due to insufficient escaping of user input and inadequate preparation of the SQL query. With Subscriber-level ...

CVE-2025-25112

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kareemsultan Social Links social-links allows Command Line Execution through SQL Injection.This issue affects Social Links: from n/a through = 1.2...

CVE-2025-26535

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in CodeSolz Bitcoin / AltCoin Payment Gateway for WooCommerce woo-altcoin-payment-gateway allows Blind SQL Injection.This issue affects Bitcoin / AltCoin Payment Gateway for WooCommerce: from n/a...

CVE-2025-25150

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Stylemix uListing ulisting allows Blind SQL Injection.This issue affects uListing: from n/a through = 2.1.6...

CVE-2025-25112

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kareemsultan Social Links social-links allows Command Line Execution through SQL Injection.This issue affects Social Links: from n/a through = 1.2...

CVE-2025-26535

CVE-2025-26535 is a SQL Injection vulnerability in WordPress plugin Bitcoin / AltCoin Payment Gateway for WooCommerce (and Multivendor store). Affected versions are up to 1.7.6. The issue permits Blind SQL Injection (per CVE description) with a CVSS v3.1 base score of 9.3 (CRITICAL, NETW/LOW). Co...

CVE-2025-25150

CVE-2025-25150 describes an SQL Injection vulnerability in the WordPress plugin uListing (Directory Listings) where improper neutralization of user input enables blind SQL injection. Affected versions are uListing up to 2.1.6 (inclusive). The CVSS is 3.1 v3 base score 9.3 (CRITICAL), indicating h...

CVE-2025-25112

CVE-2025-25112 affects the WordPress Social Links plugin (vulnerable

CVE-2025-25112 WordPress Social Links plugin <= 1.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NotFound Social Links allows Blind SQL Injection. This issue affects Social Links: from n/a through 1.2...

CVE-2025-26974

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPExperts.io WP Multistore Locator wp-multi-store-locator allows Blind SQL Injection.This issue affects WP Multistore Locator: from n/a through = 2.5.1...

CVE-2025-26971 WordPress Poll Maker <= 5.6.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ays Pro Poll Maker poll-maker allows Blind SQL Injection.This issue affects Poll Maker: from n/a through = 5.6.5...