30 matches found
CVE-2024-2871
The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcodes in all versions up to, and including, 3.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...
EUVD-2016-1915
Malware in sbrugna...
EUVD-2015-9170
Malware in sbrugna...
EUVD-2017-1629
Malware in sbrugna...
EUVD-2023-23678
Malicious code in bioql PyPI...
EUVD-2023-57752
Malicious code in bioql PyPI...
EUVD-2022-51525
Malicious code in bioql PyPI...
EUVD-2025-21848
Malicious code in bioql PyPI...
EUVD-2025-7389
Malicious code in bioql PyPI...
CVE-2025-28982
CVE-2025-28982 concerns WordPress plugin WP Pipes (ThimPress WP Pipes). The vulnerability is an SQL Injection caused by improper neutralization of special elements in SQL commands, affecting WP Pipes versions up to 1.4.3. The CVSS data in the primary record indicates a CRITICAL impact with high c...
WordPress Pakke Envíos plugin <= 1.0.2 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Nguyen Kim Sang in WordPress Plugin Pakke Envíos versions <= 1.0.2...
CVE-2025-24748 WordPress All In One Slider Responsive plugin <= 3.7.9 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup All In One Slider Responsive allows SQL Injection. This issue affects All In One Slider Responsive: from n/a through 3.7.9...
CVE-2025-52821 WordPress Video List Manager plugin <= 1.7 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in thanhtungtnt Video List Manager video-list-manager allows SQL Injection. This issue affects Video List Manager: from n/a through <= 1.7...
WordPress TicketBAI Facturas para WooCommerce plugin <= 3.19 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by astra.r3verii in WordPress Plugin TicketBAI Facturas para WooCommerce versions <= 3.19...
WordPress WP Text Expander plugin <= 1.0.1 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Chu The Anh in WordPress Plugin WP Text Expander versions <= 1.0.1...
WordPress Persian Woocommerce SMS plugin <= 7.0.10 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by astra.r3verii in WordPress Plugin Persian Woocommerce SMS versions <= 7.0.10...
CVE-2024-7651
The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to limited SQL Injection via the ‘app-builder-search’ parameter in all versions up to, and including, 4.2.6 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2023-6620
The POST SMTP Mailer WordPress plugin before 2.8.7 does not properly sanitise and escape several parameters before using them in SQL statements, leading to a SQL injection exploitable by high privilege users such as admin...
CVE-2021-24758
The Email Log WordPress plugin before 2.4.7 does not properly validate, sanitise and escape the "orderby" and "order" GET parameters before using them in SQL statement in the admin dashboard, leading to SQL injections...
CVE-2014-10387
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection...