14 matches found
EUVD-2015-9305
Malware in sbrugna...
EUVD-2007-0111
Malware in sbrugna...
CVE-2024-13507
The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to time-based SQL Injection via the dist parameter in all versions up to, and including, 2.8.97 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2021-4458
The Modern Events Calendar Lite plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'wp_ajax_mec_load_single_page' AJAX action in all versions up to, and including, 6.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2025-4964
The WP Online Users Stats plugin for WordPress is vulnerable to time-based SQL Injection via the ‘tablename’ parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...
CVE-2025-49421 WordPress WP Text Expander <= 1.0.1 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Andrei Filonov WP Text Expander allows SQL Injection. This issue affects WP Text Expander: from n/a through 1.0.1...
PT-2025-24257 · WordPress · Wp Text Expander
Name of the Vulnerable Software and Affected Versions: WP Text Expander versions 1.0.1 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations:...
CVE-2019-15659
The pie-register plugin before 3.1.2 for WordPress has SQL injection, a different issue than CVE-2018-10969...
CVE-2024-13680
Summary: CVE-2024-13680 affects the WordPress plugin Form Builder CP (shortcode CP_EASY_FORM_WILL_APPEAR_HERE) and describes an SQL Injection in the id parameter across versions up to 1.2.41 due to insufficient escaping and lack of query parameterization. Impact (as stated): Authenticated attacke...
CVE-2023-50851 WordPress Simply Schedule Appointments Plugin < 1.6.6.1 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in N Squared Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin. This issue affects Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin: from n/a before...
PT-2021-15675 · WordPress · Wp-Google-Map-Plugin
Name of the Vulnerable Software and Affected Versions: WP Google Map Plugin WordPress plugin versions prior to 4.1.5 Description: The issue concerns unvalidated input in the Manage Locations page within the plugin settings, which is vulnerable to SQL Injection. This can be exploited through a hig...
CVE-2011-3130
wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Taxonomy query hardening," possibly involving SQL injection...
CVE-2007-0107
WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7...
WordPress 1.2.x SQL Injection Advisory
Module: wp-admin/link-manager.php Bug Type: SQL-Injection Example: http://wordpress-site.org/wp-admin/link-manager.php?linkid=3133720UNION20SELECT20ID 20as20linkid,userlogin20AS20linkurl,userpass20AS20linkname,NU LL,NULL,NULL, NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL20FROM20wpusers20WHERE...