Lucene search

4662 matches found

OSV
added 2025/04/23 3:27 p.m. · 8 views

CVE-2025-32968 org.xwiki.platform:xwiki-platform-oldcore allows SQL injection in short form select requests through the script query API

XWiki is a generic wiki platform. In versions starting from 1.6-milestone-1 to before 15.10.16, 16.4.6, and 16.10.1, it is possible for a user with SCRIPT right to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQL statements on the database backend...

CVSS 8.6 · AI score 8 · EPSS 0.00417 · Exploits 1 · References 4

CNNVD
added 2025/04/23 12:0 a.m. · 1 views

XWiki Platform SQL injection vulnerability

XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. XWiki Platform suffers from a SQL injection vulnerability that originates from a remote unauthenticated user who can escape the HQL execution context and perform blind SQL injection, which...

CVSS 9.8 · AI score 8 · EPSS 0.12804 · Exploits 1 · References 3

NVD
added 2025/04/17 4:15 p.m. · 9 views

CVE-2025-39569

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in taskbuilder Taskbuilder taskbuilder allows Blind SQL Injection. This issue affects Taskbuilder: from n/a through <= 4.0.1...

CVSS 8.5 · EPSS 0.0016 · Exploits 0 · References 1

CVE
added 2025/04/17 3:46 p.m. · 47 views

CVE-2025-39569

CVE-2025-39569 is an SQL injection vulnerability in the WordPress Taskbuilder plugin (versions up to 4.0.1). The issue stems from improper neutralization of input in SQL commands, enabling Blind SQL Injection and potential data exposure or manipulation. Public disclosures reference Taskbuilder

CVSS 8.5 · AI score 7.3 · EPSS 0.0016 · Exploits 0 · References 1

Vulnrichment
added 2025/04/17 3:46 p.m. · 8 views

CVE-2025-39569 WordPress Taskbuilder <= 4.0.1 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in taskbuilder Taskbuilder allows Blind SQL Injection. This issue affects Taskbuilder: from n/a through 4.0.1...

CVSS 8.5 · AI score 7.6 · EPSS 0.0016 · Exploits 0 · References 1

Cvelist
added 2025/04/17 12:0 a.m. · 7 views

CVE-2025-29180

In FOXCMS =1.25, the installdb.php file has a time-based blind SQL injection vulnerability. The urlprefix, domain, and mywebsite POST parameters are directly concatenated into SQL statements without filtering...

EPSS 0.00248 · Exploits 0 · References 1

Vulnrichment
added 2025/04/17 12:0 a.m. · 5 views

CVE-2025-29180

In FOXCMS =1.25, the installdb.php file has a time-based blind SQL injection vulnerability. The urlprefix, domain, and mywebsite POST parameters are directly concatenated into SQL statements without filtering...

AI score 7.4 · EPSS 0.00248 · Exploits 0 · References 1

Vulnrichment
added 2025/04/16 12:44 p.m. · 7 views

CVE-2025-39566 WordPress Hostel plugin <= 1.1.5.6 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Bob Hostel hostel allows Blind SQL Injection. This issue affects Hostel: from n/a through <= 1.1.5.6...

CVSS 7.6 · AI score 8.9 · EPSS 0.00408 · Exploits 0 · References 1

Cvelist
added 2025/04/16 12:44 p.m. · 15 views

CVE-2025-39566 WordPress Hostel plugin <= 1.1.5.6 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Bob Hostel hostel allows Blind SQL Injection. This issue affects Hostel: from n/a through <= 1.1.5.6...

CVSS 7.6 · EPSS 0.00408 · Exploits 0 · References 1

Vulnrichment
added 2025/04/15 12:0 a.m. · 7 views

CVE-2025-32993

Vision Helpdesk through 5.7.0 allows Time-Based Blind SQL injection via the Forgot Password aka index.php?/home/forgot-password visusername parameter. Authentication is not needed...

CVSS 6.5 · AI score 8.3 · EPSS 0.00228 · Exploits 0 · References 2

Positive Technologies
added 2025/04/15 12:0 a.m. · 14 views

PT-2025-16290 · Unknown · Vision Helpdesk

Name of the Vulnerable Software and Affected Versions: Vision Helpdesk versions 5.7.0 and earlier Description: The issue allows Time-Based Blind SQL injection via the vis username parameter in the Forgot Password feature, also known as index.php?/home/forgot-password. No authentication is require...

CVSS 6.5 · AI score 7.7 · EPSS 0.00228 · Exploits 0 · References 7

RedhatCVE
added 2025/04/13 9:30 a.m. · 11 views

CVE-2025-32681

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Guru Error Log Viewer error-log-viewer-wp allows Blind SQL Injection. This issue affects Error Log Viewer: from n/a through <= 1.0.5...

CVSS 8.5 · AI score 7.3 · EPSS 0.00117 · Exploits 0 · References 1

RedhatCVE
added 2025/04/13 9:0 a.m. · 5 views

CVE-2025-32558

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ketanajani Duplicate Title Checker duplicate-title-checker allows Blind SQL Injection. This issue affects Duplicate Title Checker: from n/a through <= 1.2...

CVSS 8.5 · AI score 7.3 · EPSS 0.00353 · Exploits 0 · References 1

RedhatCVE
added 2025/04/13 8:56 a.m. · 6 views

CVE-2025-31565

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Lisandro Martinez WPSmartContracts wp-smart-contracts allows Blind SQL Injection. This issue affects WPSmartContracts: from n/a through <= 2.0.12...

CVSS 9.3 · AI score 7.4 · EPSS 0.0008 · Exploits 0 · References 1

RedhatCVE
added 2025/04/12 8:49 a.m. · 9 views

CVE-2025-32119

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in CardGate CardGate Payments for WooCommerce cardgate allows Blind SQL Injection. This issue affects CardGate Payments for WooCommerce: from n/a through <= 3.2.1...

CVSS 8.2 · AI score 7.3 · EPSS 0.00116 · Exploits 0 · References 1

RedhatCVE
added 2025/04/11 5:29 p.m. · 4 views

CVE-2025-32547

Cross-Site Request Forgery CSRF vulnerability in gtlwpdev All push notification for WP all-push-notification allows Blind SQL Injection. This issue affects All push notification for WP: from n/a through <= 1.5.3...

CVSS 8.2 · AI score 7.3 · EPSS 0.0019 · Exploits 0 · References 1

RedhatCVE
added 2025/04/11 5:20 p.m. · 6 views

CVE-2025-32677

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in solwininfotech WP Social Stream Designer social-stream-design allows Blind SQL Injection. This issue affects WP Social Stream Designer: from n/a through <= 1.3...

CVSS 7.6 · AI score 7.3 · EPSS 0.00408 · Exploits 0 · References 1

NVD
added 2025/04/11 9:15 a.m. · 4 views

CVE-2025-32681

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Guru Error Log Viewer error-log-viewer-wp allows Blind SQL Injection. This issue affects Error Log Viewer: from n/a through <= 1.0.5...

CVSS 8.5 · EPSS 0.00117 · Exploits 0 · References 1

NVD
added 2025/04/11 9:15 a.m. · 8 views

CVE-2025-32603

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in HK WP Online Users Stats wp-online-users-stats allows Blind SQL Injection. This issue affects WP Online Users Stats: from n/a through <= 1.0.0...

CVSS 9.3 · EPSS 0.00148 · Exploits 0 · References 1

NVD
added 2025/04/11 9:15 a.m. · 11 views

CVE-2025-32558

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ketanajani Duplicate Title Checker duplicate-title-checker allows Blind SQL Injection. This issue affects Duplicate Title Checker: from n/a through <= 1.2...

CVSS 8.5 · EPSS 0.00353 · Exploits 0 · References 1