4691 matches found
CVE-2025-26086
An unauthenticated blind SQL injection vulnerability exists in RSI Queue Management System v3.0 within the TaskID parameter of the get request handler. Attackers can remotely inject time-delayed SQL payloads to induce server response delays, enabling time-based inference and iterative extraction ...
RSI Queue Management System Security Vulnerability
RSI Queue Management System is an intelligent queue management system for the retail, healthcare or service industry from RSI Queue. A security vulnerability exists in RSI Queue Management System version v3.0 that stems from improper handling of the TaskID parameter, which could lead to an...
CVE-2025-43833
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Amir Helzer Absolute Links absolute-links allows Blind SQL Injection. This issue affects Absolute Links: from n/a through = 1.1.1...
CVE-2025-43833
CVE-2025-43833 affects WordPress Absolute Links plugin (≤ 1.1.1). Affected component is user-supplied input resulting in Improper Neutralization of SQL commands, enabling Blind SQL Injection. Exploitation status is not confirmed in the provided documents; CVSS v3.1 base score is 7.6 (HIGH) with n...
CVE-2025-48280
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ruben Garcia AutomatorWP automatorwp allows Blind SQL Injection. This issue affects AutomatorWP: from n/a through = 5.2.1.3...
CVE-2025-48280
CVE-2025-48280 (AutomatorWP) — SQL Injection in AutomatorWP prior to 5.2.1.3 due to improper neutralization of special elements in SQL commands, enabling blind SQL injection. Affected: AutomatorWP up to 5.2.1.3. Mitigation: upgrade to a version later than 5.2.1.3 (patches/updates referenced in Pa...
CVE-2025-48280 WordPress AutomatorWP <= 5.2.1.3 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ruben Garcia AutomatorWP allows Blind SQL Injection. This issue affects AutomatorWP: from n/a through 5.2.1.3...
WordPress plugin Absolute Links SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...
RSI Queue Management System 3.0 SQL Injection
An unauthenticated blind SQL injection vulnerability exists in RSI Queue Management System version 3.0 within the TaskID parameter of the get request handler. Attackers can remotely inject time-delayed SQL payloads to induce server response delays, enabling time-based inference and iterative...
CVE-2025-32643
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in mojoomla WPGYM allows Blind SQL Injection. This issue affects WPGYM: from n/a through 65.0...
CVE-2025-47567
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup Video Player & FullScreen Video Background universal-video-player-and-bg allows Blind SQL Injection. This issue affects Video Player & FullScreen Video Background: from n/a through =...
CVE-2025-39481
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in imithemes Eventer eventer allows Blind SQL Injection. This issue affects Eventer: from n/a through 3.11.4...
CVE-2025-39481
CVE-2025-39481 describes a SQL Injection in the WordPress plugin Eventer (imithemes Eventer) via improper neutralization of special elements in SQL commands, enabling Blind SQL Injection. Affected: Eventer versions up to before 3.11.4 (i.e., 3.11.3 and earlier). Impact as per sources is high conf...
CVE-2025-32643
CVE-2025-32643 affects the WPGYM WordPress Gym Management System plugin. Affected versions up to 65.0 suffer from improper neutralization of special elements in SQL commands, enabling a blind SQL injection. Public sources confirm the vulnerability, with patches available in newer releases (e.g., ...
PT-2025-21696
Name of the Vulnerable Software and Affected Versions: imithemes Eventer versions 3.9.6 and earlier Description: The issue is related to an SQL Injection vulnerability, specifically Improper Neutralization of Special Elements used in an SQL Command, which allows Blind SQL Injection...
PT-2025-21713 · Unknown · Lambertgroup Video Player & Fullscreen Video Background
Name of the Vulnerable Software and Affected Versions: LambertGroup Video Player & FullScreen Video Background versions 2.4.1 and earlier Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as SQL Injection. This allows for Blind...
CVE-2025-47587
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YayCommerce YaySMTP yaysmtp allows Blind SQL Injection. This issue affects YaySMTP: from n/a through = 2.6.4...
CVE-2025-47544
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in acowebs Dynamic Pricing With Discount Rules for WooCommerce allows Blind SQL Injection. This issue affects Dynamic Pricing With Discount Rules for WooCommerce: from n/a through 4.5.8...