9650 matches found
EUVD-2026-37611
Unauthenticated SQL Injection in JetSmartFilters = 3.8.1 versions...
CVE-2026-39596 WordPress Blocksy Companion Pro plugin < 2.1.29 - SQL Injection vulnerability
Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions...
CVE-2026-22335 WordPress WooCommerce Frontend Manager – Ultimate plugin < 6.7.7 - SQL Injection vulnerability
CVE-2026-22335 affects the WordPress plugin WooCommerce Frontend Manager – Ultimate (wc-frontend-manager-ultimate) in versions below 6.7.7. It is a SQL Injection vulnerability exploitable by an authenticated subscriber, with a CVSS base score of 8.5 per Patchstack (high impact: confidentiality) and 6....
ChanCMS <= 3.3.0 - SQL Injection
yanyutao0402 ChanCMS <= 3.3.0 contains a SQL injection caused by manipulation of the "key" argument in app/modules/api/service/Api.js Search function, letting remote attackers execute arbitrary SQL commands, exploit requires crafted request. id: CVE-2025-10210 info: name: ChanCMS <= 3.3.0 - SQL...
WCAPF WooCommerce Ajax Product Filter - SQL Injection
WCAPF WooCommerce Ajax Product Filter = 4.2.3 contains a time-based SQL injection caused by insufficient escaping of the 'post-author' parameter, letting unauthenticated attackers extract sensitive database information remotely. id: CVE-2026-3396 info: name: WCAPF WooCommerce Ajax Product Filter ...
CVE-2026-12360 JetEngine <= 3.8.10.1 - Unauthenticated SQL Injection via Listing Grid Load More AJAX Endpoint
The CVE concerns the JetEngine WordPress plugin ≤ 3.8.10.1, where the listing_load_more AJAX endpoint mishandles the filtered_query field. Specifically, meta_query row values are not sanitized before being merged into SQL, and these values are excluded from the HMAC signature check to support fro...
CVE-2026-52712 WordPress Attendance Manager plugin <= 0.6.2 - SQL Injection vulnerability
Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions...
EUVD-2026-37046
Unauthenticated SQL Injection in InPost Gallery = 2.1.4.6 versions...
CVE-2026-8444
The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs' parameter of the wpfbfindreviews AJAX action in versions up to, and including, 12.6.8. This is due to the handler reading $_POST['curselrevs'] raw with no sanitization or type casting, then concatenatin...
Mitel MiCollab <= 9.8.0.33 - SQL Injection
A vulnerability in NuPoint Messenger NPM of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary...
Exploit for CVE-2026-54597
CVE-2026-54597 — ITFlow Time-Based Blind SQL Injection Seve...
EUVD-2026-36956
Unauthenticated SQL Injection in GeekyBot = 1.2.0 versions...
EUVD-2026-36951
Unauthenticated SQL Injection in GeoDirectory = 2.8.152 versions...
EUVD-2026-36944
Unauthenticated SQL Injection in Simply Schedule Appointments = 1.6.9.27 versions...
EUVD-2026-36758
RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTable endpoint. The issue affects the code generation module and may allow an authenticated attacker with administrative privileges to access sensitive database information...
CVE-2026-48964
Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System = 3.3.6 versions...
CVE-2026-48874
Subscriber SQL Injection in GamiPress = 7.8.7 versions...
CVE-2026-42639
Unauthenticated SQL Injection in GD Rating System = 3.6.2 versions...
CVE-2026-39441
Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free = 5.3 versions...
CVE-2026-52700
WordPress plugin WCMultiShipping (versions