4662 matches found
CVE-2025-39479
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in smartiolabs Smart Notification allows Blind SQL Injection. This issue affects Smart Notification: from n/a through 10.3...
CVE-2025-30562
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in wpdistillery Navigation Tree Elementor navigation-tree-elementor allows Blind SQL Injection.This issue affects Navigation Tree Elementor: from n/a through = 1.0.1...
CVE-2025-30562
The CVE-2025-30562 entry concerns wpdistillery Navigation Tree Elementor (WordPress plugin) with an SQL Injection vulnerability described as Blind SQL Injection affecting Navigation Tree Elementor versions up to 1.0.1. CVSS 3.1 base score 8.5 (HIGH): attack vector NETWORK, authentication LOW, use...
CVE-2025-39479
CVE-2025-39479 is an SQL Injection vulnerability in the WordPress Smart Notification plugin (versions up to and including 10.3), allowing blind SQLi. The NVD/NIST summary lists impact as Privilege Level: none required, User interaction: none, with a CVSS v3.1 base score of 9.3 (critical) and netw...
CVE-2025-47573
CVE-2025-47573 is an SQL Injection vulnerability in the mojoomla WordPress School Management plugin (affected versions n/a–92.0.0) due to improper neutralization of special elements in SQL commands, enabling Blind SQL Injection. Public sources in the provided documents identify the issue but do n...
CVE-2025-48274 WordPress WP Job Portal <= 2.3.2 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in wpjobportal WP Job Portal allows Blind SQL Injection. This issue affects WP Job Portal: from n/a through 2.3.2...
PT-2025-25670 · Wpdistillery · Wpdistillery Navigation Tree Elementor
Name of the Vulnerable Software and Affected Versions: wpdistillery Navigation Tree Elementor versions 1.0.1 and earlier Description: The issue is related to an SQL Injection vulnerability, specifically Improper Neutralization of Special Elements used in an SQL Command. This allows for Blind SQL...
PT-2025-25686 · Unknown · Wp Job Portal
Name of the Vulnerable Software and Affected Versions: WP Job Portal versions n/a through 2.3.2 Description: The issue is related to an SQL Injection vulnerability, specifically an Improper Neutralization of Special Elements used in an SQL Command. This allows for Blind SQL Injection, which can b...
PT-2025-25682 · Mojoomla · Mojoomla School Management
Name of the Vulnerable Software and Affected Versions: mojoomla School Management versions n/a through 92.0.0 Description: The issue is related to an SQL Injection vulnerability, specifically Improper Neutralization of Special Elements used in an SQL Command. This allows for Blind SQL Injection,...
WordPress plugin School Management SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...
WordPress plugin Navigation Tree Elementor SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerability...
CVE-2025-24767
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in facturaone TicketBAI Facturas para WooCommerce wp-ticketbai allows Blind SQL Injection.This issue affects TicketBAI Facturas para WooCommerce: from n/a through = 3.19...
CVE-2025-31424
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav WP Lead Capturing Pages leadcapture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through 2.6...
CVE-2025-48281
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in mystyleplatform MyStyle Custom Product Designer mystyle-custom-product-designer allows Blind SQL Injection.This issue affects MyStyle Custom Product Designer: from n/a through = 3.21.1...
CVE-2025-30507
CyberData 011209 Intercom could allow an unauthenticated user to gather sensitive information through blind SQL injections...
CVE-2025-31424
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav WP Lead Capturing Pages leadcapture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through 2.6...
CVE-2025-31424
CVE-2025-31424 describes an unauthenticated SQL Injection in the WordPress plugin WP Lead Capturing Pages (Kamleshyadav) affecting versions up to 2.3. The vulnerability arises from improper neutralization of input elements used in SQL commands, enabling blind SQL injection. The associated CVSS 3....
CVE-2025-48281
The CVE describes a SQL Injection vulnerability in the WordPress plugin MyStyle Custom Product Designer (versions up to and including 3.21.1). The issue stems from improper neutralization of user-supplied input and insufficient query preparation, enabling blind SQL injection. Unauthenticated atta...
CVE-2025-49263 WordPress WC Vendors Marketplace <= 2.5.6 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WCVendors WC Vendors Marketplace allows Blind SQL Injection. This issue affects WC Vendors Marketplace: from n/a through 2.5.6...
CVE-2025-49263
The CVE-2025-49263 entry concerns WC Vendors Marketplace (WC Vendors) for WordPress, with an SQL Injection vulnerability in WC Vendors Marketplace that affects versions up to 2.5.6. The vulnerability stems from improper neutralization of special elements in SQL commands, enabling Blind SQL Inject...