| CVE | Vendors | Products | Updated | CVSS v3.1 |
| --- | --- | --- | --- | --- |
| An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. |
| Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic <= 1.1.4 versions. |
| Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. This issue affects The Events Calendar: from 6.15.12 through 6.16.2. |
| Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions. |
| Unauthenticated SQL Injection in InPost Gallery <= 2.1.4.6 versions. |
| Unauthenticated SQL Injection in WPGraphQL < 2.11.1 versions. |
| Subscriber SQL Injection in WP Time Slots Booking Form <= 1.2.50 versions. |
| Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions. |
| The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs[]' parameter of the wpfb_find_reviews AJAX action in versions up to, and including, 12.6.8. This is due to the handler reading $_POST['curselrevs'] raw with no sanitization or type casting, then concatenating each array element directly into a `WHERE id IN ( ... )` clause without quoting and executing via $wpdb->get_results() without $wpdb->prepare(). This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. |
| Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions. |
| The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'stypes' and 'slocations' parameters of the wppro_get_overall_chart_data AJAX action in versions up to, and including, 12.6.8. This is due to the use of stripslashes() on user-supplied JSON strings prior to json_decode(), which removes the escaping applied by WordPress's wp_magic_quotes; the resulting decoded array values are then concatenated directly into SQL WHERE clauses without parameterization, and the constructed query is executed via $wpdb->get_results() without $wpdb->prepare(). This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The handler also returns the executed SQL string in its JSON response, which simplifies oracle construction for blind exploitation. |
| Subscriber SQL Injection in MasterStudy LMS <= 3.7.25 versions. |
| Unauthenticated SQL Injection in wpForo Forum <= 3.0.4 versions. |
| Unauthenticated SQL Injection in Order Delivery Date for WooCommerce <= 4.5.1 versions. |
| Unauthenticated SQL Injection in GD Rating System <= 3.6.2 versions. |
| Unauthenticated SQL Injection in Simply Schedule Appointments <= 1.6.9.27 versions. |
| Unauthenticated SQL Injection in GeoDirectory <= 2.8.152 versions. |
| Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions. |
| WordPress Sliced Invoices 3.8.2 contains an authenticated SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send requests to the admin.php endpoint with action=duplicate_quote_invoice and malicious 'post' values to extract sensitive database information or modify data. |