329 matches found
Relevanssi <= 4.24.4 (Free) - Unauthenticated SQL Injection
The Relevanssi – A Better Search plugin for WordPress is vulnerable to time-based SQL Injection via the cats and tags query parameters in all versions up to, and including, 4.24.4 Free and <= 2.27.4 Premium due to insufficient escaping on the user supplied parameter and lack of sufficient...
Slider & Popup Builder by Depicter <= 3.6.1 - Unauthenticated SQL Injection
The Slider & Popup Builder by Depicter plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 3.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes ...
Ads Pro Plugin <= 4.88 - Unauthenticated SQL Injection
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the 'aid' parameter in all versions up to, and including, 4.88 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...
Youzify < 1.2.0 - Unauthenticated SQLi
The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection. id: CVE-2022-1950 info: name: Youzify 1.2.0 - Unauthenticated SQLi author:...
WP Fastest Cache 1.2.2 - SQL Injection
The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. id: CVE-2023-6063 info: name: WP Fastest Cache 1.2.2 - SQL Injection author: DhiyaneshDK...
CVE-2026-54419 PIAF-HMS multiple unauthenticated SQL injection vulnerabilities via mysql_query
claudiopizzillo PIAF-HMS PBX-In-A-Flash Hotel Management System; no released versions, latest commit 389d2633441b65ced1c104212cd62be2bfca21e5 contains multiple unauthenticated SQL injection vulnerabilities. The application has no authentication mechanism and passes user-supplied HTTP parameters...
EUVD-2026-37589
Unauthenticated SQL Injection in Blocksy Companion Pro 2.1.29 versions...
EUVD-2026-37660
Unauthenticated SQL Injection in WPJobster = 6.3.5 versions...
CVE-2026-54811
Unauthenticated SQL Injection in WP eMember v10.9.4 versions...
CVE-2026-49080
Unauthenticated SQL Injection in wpDataTables = 7.3.6 versions...
CVE-2026-49084
Unauthenticated SQL Injection in JetEngine 3.8.9.1 versions...
CVE-2026-49076
Unauthenticated SQL Injection in JetEngine = 3.8.9.1 versions...
CVE-2026-39438
Unauthenticated SQL Injection in ListingPro = 2.9.10 versions...
CVE-2026-39438
CVE-2026-39438 : Unauthenticated SQL Injection in the WordPress ListingPro plugin (versions
CVE-2026-39574
Unauthenticated SQL Injection in InPost Gallery = 2.1.4.6 versions...
CVE-2026-52715 WordPress GEO my WordPress plugin <= 4.5.5 - SQL Injection vulnerability
Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions...
PT-2026-50126
Unauthenticated SQL Injection in wpDataTables = 7.3.6 versions...
EUVD-2026-36943
Unauthenticated SQL Injection in WP Maps = 4.9.1 versions...
CVE-2026-42381
Unauthenticated SQL Injection in Funnel Builder by FunnelKit = 3.15.0.1 versions...
CVE-2026-40762
Unauthenticated SQL Injection in WPGraphQL 2.11.1 versions...