PT-2026-6041

Name of the Vulnerable Software and Affected Versions SIBS woocommerce payment gateway plugin for WordPress versions up to and including 2.2.0 Description The SIBS woocommerce payment gateway plugin for WordPress is susceptible to time-based SQL Injection via the referencedId parameter. This is d...

CVE-2020-37051

Online-Exam-System 2015 contains a time-based blind SQL injection vulnerability in the feedback form that allows attackers to extract database password hashes. Attackers can exploit the 'feed.php' endpoint by crafting malicious payload requests that use time delays to systematically enumerate use...

CVE-2025-7714 Time Based SQLi in Global Medya's PHP CMS

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Global Interactive Design Media Software Inc. Content Management System CMS allows Command Line Execution through SQL Injection. This issue affects Content Management System CMS: through 21072025...

CVE-2026-0702

CVE-2026-0702 refers to VidShop – Shoppable Videos for WooCommerce (WordPress). Affected versions up to and including 1.1.4 are vulnerable to unauthenticated time-based SQL Injection via the fields parameter due to insufficient escaping and lack of proper SQL query preparation. This can enable an...

CVE-2021-28022

Blind SQL injection in the login form in ServiceTonic Helpdesk software 9.0.35937 allows attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries...

CVE-2025-10144

The Perfect Brands for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the brands attribute of the products shortcode in all versions up to, and including, 3.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVE-2025-65023

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/funcionariovinculocad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands...

EUVD-2025-197685

The Project Management, Team Collaboration, Kanban Board, Gantt Charts, Task Manager and More – WP Project Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘completedatoperator’ parameter in all versions up to, and including, 2.6.26 due to insufficient escaping on th...

EUVD-2021-15098

Malware in sbrugna...

EUVD-2023-43715

Malicious code in bioql PyPI...

EUVD-2021-30831

Malicious code in bioql PyPI...

EUVD-2025-23733

Malicious code in bioql PyPI...

EUVD-2024-47385

Malicious code in bioql PyPI...

CVE-2025-9463

The Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 1.117.5 due to insufficient escaping on the user supplied parameter and...

CVE-2025-10003

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uploadfileremove’ function and 'htmlvar' parameter in all versions up to, and including, 1.2.44 due to insufficient...

CVE-2025-10003 UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP <= 1.2.44 - Authenticated (Subscriber+) SQL Injection

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uploadfileremove’ function and 'htmlvar' parameter in all versions up to, and including, 1.2.44 due to insufficient...

CVE-2025-10003 UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP <= 1.2.44 - Authenticated (Subscriber+) SQL Injection

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uploadfileremove’ function and 'htmlvar' parameter in all versions up to, and including, 1.2.44 due to insufficient...

PT-2025-36344

Name of the Vulnerable Software and Affected Versions: UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress versions through 1.2.44 Description: The UsersWP plugin for WordPress is susceptible to a time-based SQL Injection issue due to...

CVE-2025-9441 iATS Online Forms <= 1.2 - Authenticated (Contributor+) SQL Injection via order Parameter

The iATS Online Forms plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order' parameter in all versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

CVE-2025-8977

The Simple Download Monitor plugin for WordPress is vulnerable to time-based SQL Injection via the order parameter in all versions up to, and including, 3.9.33 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...