Lucene search

4688 matches found

CVE
added 2025/12/16 8:12 a.m., 6 views

CVE-2025-68053

CVE-2025-68053 concerns the WordPress plugin xPromoter (LambertGroup)

CVSS 8.5, AI score 7.3, EPSS 0.00205
Exploits 0, References 1

CVE
added 2025/12/16 8:12 a.m., 9 views

CVE-2025-68054

CVE-2025-68054 concerns a SQL injection in the WordPress plugin “CountDown With Image or Video Background” (countdown_with_background). The Wordfence vulnerability detail specifies this is an authenticated, blind SQL injection affecting Version ≤ 1.5, with patch status listed as Unpatched in the ...

CVSS 8.5, AI score 7.3, EPSS 0.00205
Exploits 0, References 1

Cvelist
added 2025/12/16 8:12 a.m., 26 views

CVE-2025-67950 WordPress All In One SEO Pack plugin <= 4.9.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Blind SQL Injection. This issue affects All In One SEO Pack: from n/a through <= 4.9.1...

CVSS 8.5, EPSS 0.00253
Exploits 0, References 1

CNNVD
added 2025/12/16 12:0 a.m., 1 view

WordPress plugin xPromoter security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

CVSS 8.5, AI score 7.5, EPSS 0.00205
Exploits 0, References 1

NVD
added 2025/12/15 3:15 p.m., 2 views

CVE-2025-14383

The Booking Calendar plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'datestocheck' parameter in all versions up to, and including, 10.14.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVSS 7.5, EPSS 0.00398
Exploits 0, References 2

Vulnrichment
added 2025/12/13 4:31 a.m., 1 view

CVE-2025-13077 افزونه پیامک ووکامرس فوق حرفه ای (جدید) payamito sms woocommerce <= 1.3.5 - Unauthenticated Time-Based Blind SQL Injection

The افزونه پیامک ووکامرس فوق حرفه ای جدید payamito sms woocommerce plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'columns' parameter in all versions up to, and including, 1.3.5. This is due to insufficient escaping on the user supplied parameter and lack of sufficie...

CVSS 7.5, AI score 6.4, EPSS 0.00376
Exploits 0, References 4

EUVD
added 2025/12/12 12:30 a.m., 3 views

EUVD-2024-55331

Purei CMS 1.0 contains a time-based blind SQL injection vulnerability that allows attackers to manipulate database queries through unfiltered user input parameters. Attackers can exploit vulnerable endpoints like getAllParks.php and events-ajax.php by injecting crafted SQL payloads to potentially...

CVSS 9.3, AI score 7.4, EPSS 0.00255
Exploits 0, References 4

RedhatCVE
added 2025/12/11 5:3 a.m., 3 views

CVE-2025-66313

ChurchCRM is an open-source church management system. In ChurchCRM 6.2.0 and earlier, there is a time-based blind SQL injection in the handling of the 1FieldSec parameter. Injecting SLEEP causes deterministic server-side delays, proving the value is incorporated into a SQL query without proper...

CVSS 7.2, AI score 7.9, EPSS 0.00337
Exploits 1, References 1

RedhatCVE
added 2025/12/10 2:23 p.m., 3 views

CVE-2025-67516

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agile Logix Store Locator WordPress agile-store-locator allows Blind SQL Injection. This issue affects Store Locator WordPress: from n/a through <= 1.6.2...

CVSS 8.5, AI score 7.6, EPSS 0.00253
Exploits 0, References 1

RedhatCVE
added 2025/12/10 2:23 p.m., 2 views

CVE-2025-67518

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Accordion Slider PRO accordionsliderpro allows Blind SQL Injection. This issue affects Accordion Slider PRO: from n/a through <= 1.2...

CVSS 8.5, AI score 7.7, EPSS 0.00264
Exploits 0, References 1

EUVD
added 2025/12/09 6:30 p.m., 2 views

EUVD-2025-202127

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in artplacer ArtPlacer Widget artplacer-widget allows Blind SQL Injection. This issue affects ArtPlacer Widget: from n/a through <= 2.22.9.2...

AI score 7.1, EPSS 0.00264
Exploits 0, References 2

EUVD
added 2025/12/09 6:30 p.m., 2 views

EUVD-2025-202126

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Accordion Slider PRO accordionsliderpro allows Blind SQL Injection. This issue affects Accordion Slider PRO: from n/a through <= 1.2...

AI score 7.1, EPSS 0.00264
Exploits 0, References 2

NVD
added 2025/12/09 4:18 p.m., 1 view

CVE-2025-67517

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in artplacer ArtPlacer Widget artplacer-widget allows Blind SQL Injection. This issue affects ArtPlacer Widget: from n/a through <= 2.22.9.2...

CVSS 8.5, EPSS 0.00264
Exploits 0, References 1

NVD
added 2025/12/09 4:18 p.m., 1 view

CVE-2025-67516

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agile Logix Store Locator WordPress agile-store-locator allows Blind SQL Injection. This issue affects Store Locator WordPress: from n/a through <= 1.6.2...

CVSS 8.5, EPSS 0.00253
Exploits 0, References 1

Vulnrichment
added 2025/12/09 2:13 p.m., 1 view

CVE-2025-67517 WordPress ArtPlacer Widget plugin <= 2.22.9.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in artplacer ArtPlacer Widget artplacer-widget allows Blind SQL Injection. This issue affects ArtPlacer Widget: from n/a through <= 2.22.9.2...

CVSS 8.5, AI score 7.3, EPSS 0.00264
Exploits 0, References 1

Cvelist
added 2025/12/09 2:13 p.m., 29 views

CVE-2025-67518 WordPress Accordion Slider PRO plugin <= 1.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Accordion Slider PRO accordionsliderpro allows Blind SQL Injection. This issue affects Accordion Slider PRO: from n/a through <= 1.2...

CVSS 8.5, EPSS 0.00264
Exploits 0, References 1

Cvelist
added 2025/12/09 2:13 p.m., 18 views

CVE-2025-67517 WordPress ArtPlacer Widget plugin <= 2.22.9.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in artplacer ArtPlacer Widget artplacer-widget allows Blind SQL Injection. This issue affects ArtPlacer Widget: from n/a through <= 2.22.9.2...

CVSS 8.5, EPSS 0.00264
Exploits 0, References 1

Vulnrichment
added 2025/12/09 2:13 p.m., 1 view

CVE-2025-67516 WordPress Store Locator WordPress plugin <= 1.6.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agile Logix Store Locator WordPress agile-store-locator allows Blind SQL Injection. This issue affects Store Locator WordPress: from n/a through <= 1.6.2...

CVSS 8.5, AI score 7.2, EPSS 0.00253
Exploits 0, References 1

CVE
added 2025/12/09 2:13 p.m., 5 views

CVE-2025-67518

The CVE-2025-67518 entry describes an SQL Injection vulnerability in the WordPress Accordion Slider PRO plugin. Affected: Accordion Slider PRO versions up to and including 1.2 (no explicit fixed version provided in the sources). Nature: Improper neutralization of SQL commands enables Blind SQL In...

CVSS 8.5, AI score 7.3, EPSS 0.00264
Exploits 0, References 1

CNNVD
added 2025/12/09 12:0 a.m., 1 view

WordPress plugin Store Locator WordPress SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. WordPress plugin Store...

CVSS 8.5, AI score 7.9, EPSS 0.00253
Exploits 0, References 1