| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions. |
| Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions. |
| The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'stypes' and 'slocations' parameters of the wppro_get_overall_chart_data AJAX action in versions up to, and including, 12.6.8. This is due to the use of stripslashes() on user-supplied JSON strings prior to json_decode(), which removes the escaping applied by WordPress's wp_magic_quotes; the resulting decoded array values are then concatenated directly into SQL WHERE clauses without parameterization, and the constructed query is executed via $wpdb->get_results() without $wpdb->prepare(). This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The handler also returns the executed SQL string in its JSON response, which simplifies oracle construction for blind exploitation. |
| Subscriber SQL Injection in MasterStudy LMS <= 3.7.25 versions. |
| Unauthenticated SQL Injection in wpForo Forum <= 3.0.4 versions. |
| Unauthenticated SQL Injection in Order Delivery Date for WooCommerce <= 4.5.1 versions. |
| Unauthenticated SQL Injection in GD Rating System <= 3.6.2 versions. |
| Unauthenticated SQL Injection in Simply Schedule Appointments <= 1.6.9.27 versions. |
| Unauthenticated SQL Injection in GeoDirectory <= 2.8.152 versions. |
| Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions. |
| WordPress Sliced Invoices 3.8.2 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send requests to the admin.php endpoint with action=duplicate_quote_invoice and malicious 'post' values to extract sensitive database information or modify data. |
| Subscriber SQL Injection in GamiPress <= 7.8.7 versions. |
| Unauthenticated SQL Injection in WP Data Access <= 5.5.70 versions. |
| Subscriber SQL Injection in WP Time Slots Booking Form <= 1.2.50 versions. |
| Unauthenticated SQL Injection in JS Help Desk <= 3.0.9 versions. |
| Unauthenticated SQL Injection in Advanced 301 and 302 Redirect <= 1.6.9 versions. |
| Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites <= 2.32.6 versions. |
| Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions. |
| Unauthenticated SQL Injection in Form Maker by 10Web <= 1.15.38 versions. |
| Metacat is data repository software that helps researchers preserve, share, and discover data. Versions 2.0.0 and above, prior to 3.0.0, contain an unauthenticated SQL injection in the /harvesterRegistration endpoint. HarvesterRegistration.dbInsert() builds an INSERT against HARVEST_SITE_SCHEDULE via string concatenation, using a quoteString() helper that performs raw single-quote wrapping without escaping. Three request parameters reach the sink: unit, contactEmail, and documentListURL. The servlet does not verify a real LDAP identity, so an unauthenticated request can reach the vulnerable insert. Since the PostgreSQL backend permits stacked queries via Statement.executeUpdate(), this vulnerability allows full read/write/execute access in the Metacat database context. The vulnerability was remediated in Metacat 3.0.0. |
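The two mechanisms spelled out above, stripslashes() before json_decode() with the decoded values concatenated into a WHERE clause (the WP Review Slider Pro entry) and a raw single-quote quoteString() wrapper feeding a stacked-query-capable executeUpdate() (the Metacat entry), are modelled below as an added example. It is not code from either project: an in-memory SQLite database stands in for MySQL/PostgreSQL, the PHP and Java helpers are re-implemented in Python under the same names, and every table, column, row and payload is constructed for the demonstration. Each vulnerable shape sits beside the parameterized shape that closes it.

```python
"""Added example modelling the WP Review Slider Pro and Metacat injection
patterns. Not code from either project: SQLite stands in for MySQL/PostgreSQL,
PHP/Java helpers are re-implemented, and all data and payloads are constructed."""
import json
import re
import sqlite3

ADMIN_HASH = "$P$constructed-hash"  # constructed row, not a real hash
# Pattern 1 payload: valid JSON; the injection is inside the string. The
# trailing "-- " comments out the closing quote the handler appends.
UNION_PAYLOAD = '["x\' UNION SELECT user_login, user_pass FROM users -- "]'
# Pattern 2 payload: closes the INSERT, stacks an UPDATE, then re-balances the
# trailing "')" the servlet appends so the whole script parses.
STACKED_PAYLOAD = (
    "http://x'); UPDATE users SET user_pass = 'pwned' WHERE user_login = 'admin'; "
    "INSERT INTO harvest_site_schedule (unit) VALUES ('z"
)


def build_db() -> sqlite3.Connection:
    """Fresh in-memory database with constructed rows for both patterns."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(f"""
        CREATE TABLE reviews (id INTEGER, stype TEXT, rating INTEGER);
        INSERT INTO reviews VALUES (1, 'google', 5), (2, 'yelp', 4);
        CREATE TABLE users (user_login TEXT, user_pass TEXT);
        INSERT INTO users VALUES ('admin', '{ADMIN_HASH}');
        CREATE TABLE harvest_site_schedule (
            site_id INTEGER PRIMARY KEY, unit TEXT, contact_email TEXT,
            document_list_url TEXT);
    """)
    return conn


def admin_pass(conn) -> str:
    return conn.execute(
        "SELECT user_pass FROM users WHERE user_login = 'admin'").fetchone()[0]


# --- Pattern 1: stripslashes() before json_decode(), values concatenated ---

def wp_magic_quotes(value: str) -> str:
    """Model of WordPress wp_magic_quotes(): PHP addslashes() on request data."""
    return re.sub(r"(['\"\\])", r"\\\1", value)


def stripslashes(value: str) -> str:
    """Model of PHP stripslashes(): remove one level of backslash escaping."""
    return re.sub(r"\\(.)", r"\1", value)


def vulnerable_chart_query(conn, stypes_post: str):
    """Vulnerable shape: the slashes WordPress added are stripped so the JSON
    parses, then the decoded values go straight into WHERE with no prepare()."""
    decoded = json.loads(stripslashes(wp_magic_quotes(stypes_post)))
    where = " OR ".join(f"stype = '{s}'" for s in decoded)
    sql = f"SELECT id, rating FROM reviews WHERE {where}"
    return sql, conn.execute(sql).fetchall()


def hardened_chart_query(conn, stypes_post: str):
    """Hardened shape: same decoding, but the values are type-checked and bound
    as parameters (the $wpdb->prepare() equivalent), so quotes stay data."""
    decoded = json.loads(stripslashes(wp_magic_quotes(stypes_post)))
    if not isinstance(decoded, list) or not all(isinstance(s, str) for s in decoded):
        raise ValueError("expected a JSON array of strings")
    placeholders = ", ".join("?" for _ in decoded)
    sql = f"SELECT id, rating FROM reviews WHERE stype IN ({placeholders})"
    return sql, conn.execute(sql, decoded).fetchall()


# --- Pattern 2: raw quote wrapping plus stacked statements ---

def quote_string(value: str) -> str:
    """Model of the quoteString() helper: wraps in single quotes, escapes nothing."""
    return "'" + value + "'"


def vulnerable_harvester_insert(conn, unit, contact_email, document_list_url):
    """Vulnerable shape: concatenated INSERT. executescript() models JDBC
    Statement.executeUpdate() on PostgreSQL, which runs stacked statements;
    sqlite3's execute() would have refused the second statement."""
    sql = ("INSERT INTO harvest_site_schedule (unit, contact_email, "
           "document_list_url) VALUES (" + quote_string(unit) + ", "
           + quote_string(contact_email) + ", "
           + quote_string(document_list_url) + ")")
    conn.executescript(sql)
    return sql


def hardened_harvester_insert(conn, unit, contact_email, document_list_url):
    """Hardened shape: bound parameters (PreparedStatement equivalent); the
    payload lands in the row as an inert string and nothing else executes."""
    conn.execute(
        "INSERT INTO harvest_site_schedule (unit, contact_email, "
        "document_list_url) VALUES (?, ?, ?)",
        (unit, contact_email, document_list_url))
    return conn.execute(
        "SELECT document_list_url FROM harvest_site_schedule").fetchone()[0]


if __name__ == "__main__":
    db = build_db()
    print(vulnerable_chart_query(db, UNION_PAYLOAD))   # leaks the users row
    print(hardened_chart_query(db, UNION_PAYLOAD))     # matches nothing
    vulnerable_harvester_insert(db, "u", "a@b.example", STACKED_PAYLOAD)
    print(admin_pass(db))                               # 'pwned'
```

Two things worth noting. In the first pattern the stripslashes() call is not itself the bug: the plugin needs it (or wp_unslash()) for json_decode() to succeed, and the hardened variant keeps it; what changes is that each decoded value is bound through a placeholder, which in WordPress means $wpdb->prepare() with one %s per array element. In the second pattern the quote wrapper and the stacked-statement capability compound each other: without escaping a single quote ends the literal, and because executeUpdate() accepts several statements the attacker is not limited to the INSERT's own columns, which is why the advisory describes write access rather than just data exposure.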