88 matches found
WordPress WP-Optimize plugin < 4.2.0 - Admin+ SQLi vulnerability
Admin+ SQLi vulnerability discovered by Francisco Alisson in WordPress Plugin WP-Optimize versions < 4.2.0...
WordPress WP Guppy plugin <= 4.3.3 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Trương Hữu Phúc (truonghuuphuc) in WordPress Plugin WP Guppy versions <= 4.3.3...
WordPress WBW Product Table PRO plugin <= 2.2.6 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Trương Hữu Phúc (truonghuuphuc) in WordPress Plugin WBW Product Table PRO versions <= 2.2.6...
CVE-2023-5041
The Track The Click WordPress plugin before 0.3.12 does not properly sanitize query parameters to the stats REST endpoint before using them in a database query, allowing a logged in user with an author role or higher to perform time based blind SQLi attacks on the database...
CVE-2022-4165
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgorder POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. This may allow malicious users with at least author...
CVE-2022-1689
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the Update parameter before using it in a SQL statement when updating a note via the admin dashboard, leading to an SQL injection...
CVE-2022-1556
The StaffList WordPress plugin before 3.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement when searching for Staff in the admin dashboard, leading to an SQL Injection...
CVE-2021-24750
The WP Visitor Statistics Real Time Traffic WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks...
CVE-2021-24551
The Edit Comments WordPress plugin through 0.3 does not sanitise, validate or escape the jaleditcomments GET parameter before using it in a SQL statement, leading to a SQL injection issue...
CVE-2019-12516
The slickquiz plugin through 1.3.7.1 for WordPress allows SQL Injection by Subscriber users, as demonstrated by a /wp-admin/admin.php?page=slickquiz-scores= or /wp-admin/admin.php?page=slickquiz-edit= or /wp-admin/admin.php?page=slickquiz-preview= URI...
WordPress School Management plugin <= 92.0.0 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Jingle Bells in WordPress Plugin School Management versions <= 92.0.0...
CVE-2025-39395 WordPress WPAMS plugin <= 44.0 (17-08-2023) - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPAMS apartment-management allows SQL Injection. This issue affects WPAMS: from n/a through <= 44.0 (17-08-2023)...
WordPress RSVPMarker plugin <= 11.5.6 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by astra.r3verii in WordPress Plugin RSVPMarker versions <= 11.5.6...
WordPress WP-PManager plugin <= 1.2 - Admin+ SQL Injection vulnerability
Admin+ SQL Injection vulnerability discovered by Bob Matyas in WordPress Plugin WP-PManager versions <= 1.2...
WordPress Advance Post Prefix plugin <= 1.1.1 - Admin+ SQL Injection vulnerability
Admin+ SQL Injection vulnerability discovered by Bob Matyas in WordPress Plugin Advance Post Prefix versions <= 1.1.1...
WordPress Connexion Logs plugin <= 3.0.2 - Admin+ SQL Injection vulnerability
Admin+ SQL Injection vulnerability discovered by Régis SENET in WordPress Plugin Connexion Logs versions <= 3.0.2...
WordPress Website File Changes plugin < 2.1.0 - Admin+ Authenticated SQL Injection vulnerability
Admin+ Authenticated SQL Injection vulnerability discovered by y4ng0615 in WordPress Plugin Melapress File Monitor versions < 2.1.0...
WordPress Video Player & FullScreen Video Background plugin <= 2.4.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Nhat Anh Huynh in WordPress Plugin Video Player & FullScreen Video Background versions <= 2.4.1...
WordPress Interview plugin <= 1.01 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by 0x1ceKing in WordPress Plugin Interview versions <= 1.01...
WordPress Facturante plugin <= 1.11 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by astra.r3verii in WordPress Plugin Facturante versions <= 1.11...