4688 matches found

RedhatCVE
added 2025/11/06 5:1 a.m., 8 views

CVE-2025-12197

The The Events Calendar plugin for WordPress is vulnerable to blind SQL Injection via the 's' parameter in versions 6.15.1.1 to 6.15.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticat...

7.5 CVSS, 7.1 AI score, 0.14932 EPSS
Exploits: 1, References: 1

GithubExploit
added 2025/11/02 12:25 p.m., 108 views

Blind-SQLi

Exploitation of an SQLi a...

8.1 AI score
Exploits: 0

NVD
added 2025/10/31 12:15 p.m., 5 views

CVE-2025-64366

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection. This issue affects MasterStudy LMS: from n/a through <= 3.6.27...

7.6 CVSS, 0.00228 EPSS
Exploits: 0, References: 1

Cvelist
added 2025/10/31 11:42 a.m., 6 views

CVE-2025-64366 WordPress MasterStudy LMS plugin <= 3.6.27 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection. This issue affects MasterStudy LMS: from n/a through <= 3.6.27...

7.6 CVSS, 0.00228 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2025/10/31 11:42 a.m., 2 views

CVE-2025-64366 WordPress MasterStudy LMS plugin <= 3.6.27 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection. This issue affects MasterStudy LMS: from n/a through <= 3.6.27...

7.6 CVSS, 7.3 AI score, 0.00228 EPSS
Exploits: 0, References: 1

NVD
added 2025/10/31 8:15 a.m., 5 views

CVE-2025-6520

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Abis Technology BAPSIS allows Blind SQL Injection. This issue affects BAPSIS: before 202510271606...

9.8 CVSS, 0.00303 EPSS
Exploits: 0, References: 2

EUVD
added 2025/10/31 7:44 a.m., 2 views

EUVD-2025-37308

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Abis Technology BAPSIS allows Blind SQL Injection. This issue affects BAPSIS: before 202510271606...

9.8 CVSS, 7.2 AI score, 0.00303 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2025/10/31 7:44 a.m., 3 views

CVE-2025-6520 SQLi in Abis Technology's BAPSIS

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Abis Technology BAPSIS allows Blind SQL Injection. This issue affects BAPSIS: before 202510271606...

9.8 CVSS, 5.6 AI score, 0.00303 EPSS
Exploits: 0, References: 2

ATTACKERKB
added 2025/10/31 7:44 a.m., 2 views

CVE-2025-6520

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Abis Technology BAPSIS allows Blind SQL Injection. This issue affects BAPSIS: before 202510271606...

9.8 CVSS, 5.6 AI score, 0.00303 EPSS
Exploits: 0, References: 3

CVE
added 2025/10/28 5:27 a.m., 14 views

CVE-2025-11735

The CVE refers to HUSKY – Products Filter Professional for WooCommerce (WordPress plugin) with a blind SQL Injection via the phrase parameter. Affected versions are all up to and including 1.3.7.1, caused by insufficient escaping and lack of proper query preparation, enabling unauthenticated atta...

7.5 CVSS, 6.4 AI score, 0.0029 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2025/10/23 3:14 p.m., 5 views

CVE-2025-49931

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crocoblock JetSearch jet-search allows Blind SQL Injection. This issue affects JetSearch: from n/a through <= 3.5.10...

9.3 CVSS, 5.9 AI score, 0.00351 EPSS
Exploits: 0, References: 1

EUVD
added 2025/10/22 3:31 p.m., 4 views

EUVD-2025-35527

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CrocoBlock JetSearch jet-search allows Blind SQL Injection. This issue affects JetSearch: from n/a through <= 3.5.10...

7.1 AI score, 0.00351 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2025/10/22 12:0 a.m., 2 views

PT-2025-43195

Name of the Vulnerable Software and Affected Versions: CrocoBlock JetSearch versions through 3.5.10. Description: A flaw exists in CrocoBlock JetSearch that allows for Blind SQL Injection due to improper neutralization of special elements used in SQL commands. This issue could potentially allow an...

9.3 CVSS, 7.5 AI score, 0.00351 EPSS
Exploits: 0, References: 4

RedhatCVE
added 2025/10/17 6:44 p.m., 7 views

CVE-2025-62423

ClipBucket V5 provides open source video hosting with PHP. In version 5.5.2 - 140 and earlier, a Blind SQL injection vulnerability exists in the Admin Area’s “/adminarea/loginasuser.php” file. Exploiting this vulnerability requires access privileges to the Admin Area...

6.7 CVSS, 7.9 AI score, 0.00472 EPSS
Exploits: 1, References: 1

NVD
added 2025/10/16 7:15 p.m., 3 views

CVE-2025-62423

ClipBucket V5 provides open source video hosting with PHP. In version 5.5.2 - 140 and earlier, a Blind SQL injection vulnerability exists in the Admin Area’s “/adminarea/loginasuser.php” file. Exploiting this vulnerability requires access privileges to the Admin Area...

7.2 CVSS, 0.00472 EPSS
Exploits: 1, References: 2

RedhatCVE
added 2025/10/16 8:33 a.m., 2 views

CVE-2025-11365

The WP Google Map Plugin plugin for WordPress is vulnerable to blind SQL Injection via the 'id' parameter of the 'googlemap' shortcode in all versions up to, and including, 1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

6.5 CVSS, 6.5 AI score, 0.00252 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/10/15 4:44 p.m., 2 views

CVE-2025-10610

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting Information Processing Industry and Foreign Trade Inc. Winsure allows Blind SQL Injection. This issue affects Winsure: through Version dated 21.08.2025...

9.8 CVSS, 7.7 AI score, 0.00339 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2025/10/15 8:25 a.m., 2 views

CVE-2025-11365 WP Google Map Plugin <= 1.0 - Authenticated (Contributor+) SQL Injection

The WP Google Map Plugin plugin for WordPress is vulnerable to blind SQL Injection via the 'id' parameter of the 'googlemap' shortcode in all versions up to, and including, 1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

6.5 CVSS, 6.2 AI score, 0.00252 EPSS
Exploits: 0, References: 2

NVD
added 2025/10/14 1:15 p.m., 2 views

CVE-2025-10610

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in SFS Consulting Information Processing Industry and Foreign Trade Inc. Winsure allows Blind SQL Injection. This issue affects Winsure: through Version dated 21.08.2025...

9.8 CVSS, 0.00339 EPSS
Exploits: 0, References: 2

Cvelist
added 2025/10/14 12:43 p.m., 7 views

CVE-2025-10610 SQLi in SFS Winsure

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in SFS Consulting Information Processing Industry and Foreign Trade Inc. Winsure allows Blind SQL Injection. This issue affects Winsure: through Version dated 21.08.2025...

9.8 CVSS, 0.00339 EPSS
Exploits: 0, References: 2