CVE-2026-7797

The CVE covers the WordPress plugin Appointment Booking Calendar – Simply Schedule Appointments . The vulnerability exists in versions up to

CVE-2026-6929 JoomSport <= 5.7.7 - Unauthenticated SQL Injection via 'sortf' Parameter

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'sortf' parameter in all versions up to, and including, 5.7.7 due to insufficient escaping on the user supplied parameter and lack of sufficient...

PT-2026-21447

Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' GET parameter. Attackers can send requests to the arama endpoint with malicious 'q' values using time-based SQL...

CVE-2025-65022

CVE-2025-65022 describes an authenticated time-based SQL injection in i-Educar up to version 2.10.0, in the intranet/agenda.php script. The issue arises from the cod_agenda parameter being directly concatenated into SQL queries without sanitization, allowing an authenticated user to execute arbit...