11 matches found

RedhatCVE
added 2026/01/07 9:13 a.m. · 5 views

CVE-2024-2387

The Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms plugin for WordPress is vulnerable to SQL Injection via the ‘integrationid’ parameter in all versions up to, and including, 1.82.0 due to insufficient escaping on the user supplied paramete...

CVSS 6.1 · AI score 7.9 · EPSS 0.44805
Exploits 2 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-16574

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 9 · EPSS 0.00395
Exploits 0 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 8 views

EUVD-2025-4551

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 9.2 · EPSS 0.00077
Exploits 0 · References 3
RedhatCVE
added 2025/05/22 7:24 p.m. · 4 views

CVE-2021-25068

The Sync WooCommerce Product feed to Google Shopping WordPress plugin through 1.2.4 uses the 'feedid' POST parameter which is not properly sanitized for use in a SQL statement, leading to a SQL injection vulnerability in the admin dashboard...

CVSS 7.2 · AI score 7.7 · EPSS 0.00567
Exploits 1 · References 1
Cvelist
added 2025/05/15 8:6 p.m. · 10 views

CVE-2024-12735 Advance Post Prefix <= 1.1.1 - Admin+ SQL Injection

The Advance Post Prefix WordPress plugin through 1.1.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins and above to perform SQL injection attacks...

EPSS 0.00251
Exploits 1 · References 1
NVD
added 2025/04/08 7:15 a.m. · 3 views

CVE-2025-3428

The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'coatingtext' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 4.9 · EPSS 0.00162
Exploits 0 · References 2
NVD
added 2025/02/15 12:15 p.m. · 10 views

CVE-2024-13500

The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.6.17 due to insufficient escaping on the user supplied...

CVSS 6.5 · EPSS 0.00087
Exploits 0 · References 3
RedhatCVE
added 2025/02/14 9:50 a.m. · 4 views

CVE-2024-13475

The Small Package Quotes – UPS Edition plugin for WordPress is vulnerable to SQL Injection via the 'editid' parameter in all versions up to, and including, 4.5.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...

CVSS 7.5 · AI score 9.6 · EPSS 0.007
Exploits 0 · References 1
RedhatCVE
added 2025/02/05 10:7 a.m. · 9 views

CVE-2024-3293

The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to blind SQL Injection via the rtmediagallery shortcode in all versions up to, and including, 4.6.18 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

CVSS 8.8 · AI score 7.2 · EPSS 0.26613
Exploits 1 · References 1
RedhatCVE
added 2025/02/05 12:13 a.m. · 5 views

CVE-2024-4845

The Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘optionslistid’ parameter in all versions up to, and including, 5.7.22 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

CVSS 8.8 · AI score 7.2 · EPSS 0.01231
Exploits 0 · References 1
Positive Technologies
added 2022/11/28 12:0 a.m. · 1 view

PT-2022-24039 · WordPress · Wpsmartcontracts

Name of the Vulnerable Software and Affected Versions: WPSmartContracts WordPress plugin versions prior to 1.3.12
Description: The issue arises from the plugin's failure to properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection. This can be exploit...

CVSS 8.8 · AI score 8.9 · EPSS 0.66094
Exploits 2 · References 7