CVE-2026-8444

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs' parameter of the wpfbfindreviews AJAX action in versions up to, and including, 12.6.8. This is due to the handler reading $POST'curselrevs' raw with no sanitization or type casting, then concatenatin...

Mitel MiCollab <= 9.8.0.33 - SQL Injection

A vulnerability in NuPoint Messenger NPM of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary...

Exploit for CVE-2026-54597

CVE-2026-54597 — ITFlow Time-Based Blind SQL Injection Seve...

EUVD-2026-36944

Unauthenticated SQL Injection in Simply Schedule Appointments = 1.6.9.27 versions...

EUVD-2026-36956

Unauthenticated SQL Injection in GeekyBot = 1.2.0 versions...

EUVD-2026-36951

Unauthenticated SQL Injection in GeoDirectory = 2.8.152 versions...

EUVD-2026-36758

RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTable endpoint. The issue affects the code generation module and may allow an authenticated attacker with administrative privileges to access sensitive database information...

CVE-2026-48964

Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System = 3.3.6 versions...

CVE-2026-48874

Subscriber SQL Injection in GamiPress = 7.8.7 versions...

CVE-2026-42639

Unauthenticated SQL Injection in GD Rating System = 3.6.2 versions...

CVE-2026-39441

Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free = 5.3 versions...

CVE-2026-52700

WordPress plugin WCMultiShipping (versions

EUVD-2026-36852

Subscriber SQL Injection in GamiPress = 7.8.7 versions...

CVE-2026-45439 WordPress Realtyna Organic IDX plugin plugin <= 5.1.0 - SQL Injection vulnerability

Unauthenticated SQL Injection in Realtyna Organic IDX plugin = 5.1.0 versions...

EUVD-2026-36830

Unauthenticated SQL Injection in WP Data Access = 5.5.70 versions...

CVE-2026-42639 WordPress GD Rating System plugin <= 3.6.2 - SQL Injection vulnerability

Unauthenticated SQL Injection in GD Rating System = 3.6.2 versions...

CVE-2026-40798 WordPress wpForo Forum plugin <= 3.0.4 - SQL Injection vulnerability

Unauthenticated SQL Injection in wpForo Forum = 3.0.4 versions...

CVE-2026-39519

CVE-2026-39519 affects the WordPress plugin GeekyBot (versions &lt;= 1.2.0). The vulnerability is an unauthenticated SQL Injection in GeekyBot

CVE-2026-39512 WordPress GeoDirectory plugin <= 2.8.152 - SQL Injection vulnerability

Unauthenticated SQL Injection in GeoDirectory = 2.8.152 versions...

CVE-2026-39502 WordPress Form Maker by 10Web plugin <= 1.15.38 - SQL Injection vulnerability

Unauthenticated SQL Injection in Form Maker by 10Web = 1.15.38 versions...