4680 matches found
CVE-2026-24572
CVE-2026-24572 is an SQL injection vulnerability in Nelio Content (WordPress plugin) that allows blind SQL injection through improper neutralization of input. Public details confirm the issue affects Nelio Content versions up to and including 4.1.0. Root cause per linked sources is improper sanit...
CVE-2021-47872
SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'ordercol' parameter. Attackers can use sqlmap to exploit the vulnerability and extract database information by...
CVE-2026-24367
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in shinetheme Traveler traveler allows Blind SQL Injection.This issue affects Traveler: from n/a through 3.2.8...
CVE-2026-22470
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in FireStorm Plugins FireStorm Professional Real Estate fs-real-estate-plugin allows Blind SQL Injection.This issue affects FireStorm Professional Real Estate: from n/a through = 2.7.11...
CVE-2025-68999
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Blind SQL Injection.This issue affects Happy Addons for Elementor: from n/a through = 3.20.4...
CVE-2026-24367 WordPress Traveler theme < 3.2.8 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in shinetheme Traveler traveler allows Blind SQL Injection.This issue affects Traveler: from n/a through 3.2.8...
CVE-2026-24367 WordPress Traveler theme < 3.2.8 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in shinetheme Traveler traveler allows Blind SQL Injection.This issue affects Traveler: from n/a through 3.2.8...
CVE-2026-22470
The CVE-2026-22470 entry concerns the FireStorm Real Estate Plugin for WordPress (FireStorm Professional Real Estate) and describes an authenticated SQL Injection affecting the plugin version range from n/a up to and including 2.7.11. Multiple sources (NVD, Red Hat, CIRCL, and CVE list) corrobora...
CVE-2026-22470 WordPress FireStorm Professional Real Estate plugin <= 2.7.11 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in FireStorm Plugins FireStorm Professional Real Estate fs-real-estate-plugin allows Blind SQL Injection.This issue affects FireStorm Professional Real Estate: from n/a through = 2.7.11...
CVE-2025-69180 WordPress Ultra Portfolio plugin <= 6.7 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in themepassion Ultra Portfolio ultra-portfolio allows Blind SQL Injection.This issue affects Ultra Portfolio: from n/a through = 6.7...
CVE-2025-68999 WordPress Happy Addons for Elementor plugin <= 3.20.4 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Blind SQL Injection.This issue affects Happy Addons for Elementor: from n/a through = 3.20.4...
CVE-2025-68857
CVE-2025-68857 concerns WordPress’s Paid Downloads plugin (versions <= 3.15). The flaw is an unauthenticated blind SQL Injection caused by improper neutralization of elements in SQL queries, enabling manipulation/exfiltration of database data. The CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:N/S:C/C:H/...
CVE-2025-68017 WordPress Antideo Email Validator plugin <= 1.0.10 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Antideo Antideo Email Validator antideo-email-validator allows Blind SQL Injection.This issue affects Antideo Email Validator: from n/a through = 1.0.10...
CVE-2025-49055
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through = 2.5...
CVE-2025-49050 WordPress WP Lead Capturing Pages plugin <= 2.5 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through = 2.5...
CVE-2025-49055 WordPress WP Lead Capturing Pages plugin <= 2.5 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through = 2.5...
PT-2026-4087
Name of the Vulnerable Software and Affected Versions ichurakov Paid Downloads versions through 3.15 Description A flaw exists in ichurakov Paid Downloads that allows for Blind SQL Injection due to improper neutralization of special elements used in an SQL command. This issue could potentially...
PT-2026-4060
Name of the Vulnerable Software and Affected Versions Antideo Email Validator versions through 1.0.10 Description A flaw exists in Antideo Email Validator that allows for Blind SQL Injection. This issue is due to improper neutralization of special elements used in an SQL command. Recommendations...
WordPress plugin Paid Downloads has a SQL injection vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-3972
Name of the Vulnerable Software and Affected Versions kamleshyadav WP Lead Capturing Pages versions through 2.5 Description The software contains a flaw related to improper handling of special characters within SQL queries, potentially allowing for SQL Injection. This could allow an attacker to...