Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-32135

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-15 Apr, 2024 | 07:31
Updated At-02 Aug, 2024 | 02:06
Rejected At-
Credits

WordPress Disable Comments | WPZest plugin <= 1.51 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPZest Disable Comments | WPZest.This issue affects Disable Comments | WPZest: from n/a through 1.51.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:15 Apr, 2024 | 07:31
Updated At:02 Aug, 2024 | 02:06
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Disable Comments | WPZest plugin <= 1.51 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPZest Disable Comments | WPZest.This issue affects Disable Comments | WPZest: from n/a through 1.51.

Affected Products
Vendor
WPZest
Product
Disable Comments | WPZest
Collection URL
https://wordpress.org/plugins
Package Name
disable-comments-wpz
Default Status
unaffected
Versions
Affected
  • From n/a through 1.51 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-89CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Type: CWE
CWE ID: CWE-89
Description: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Metrics
VersionBase scoreBase severityVector
3.17.6HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
Version: 3.1
Base score: 7.6
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Dimas Maulana (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/disable-comments-wpz/wordpress-disable-comments-wpzest-plugin-1-51-sql-injection-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/vulnerability/disable-comments-wpz/wordpress-disable-comments-wpzest-plugin-1-51-sql-injection-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/disable-comments-wpz/wordpress-disable-comments-wpzest-plugin-1-51-sql-injection-vulnerability?_s_id=cve
vdb-entry
x_transferred
Hyperlink: https://patchstack.com/database/vulnerability/disable-comments-wpz/wordpress-disable-comments-wpzest-plugin-1-51-sql-injection-vulnerability?_s_id=cve
Resource:
vdb-entry
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:15 Apr, 2024 | 08:15
Updated At:15 Apr, 2024 | 13:15

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPZest Disable Comments | WPZest.This issue affects Disable Comments | WPZest: from n/a through 1.51.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.6HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
Type: Secondary
Version: 3.1
Base score: 7.6
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-89Primaryaudit@patchstack.com
CWE ID: CWE-89
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/vulnerability/disable-comments-wpz/wordpress-disable-comments-wpzest-plugin-1-51-sql-injection-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/vulnerability/disable-comments-wpz/wordpress-disable-comments-wpzest-plugin-1-51-sql-injection-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

182Records found
CVE-2024-39658
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.40% / 59.78%
||
7 Day CHG~0.00%
Published-29 Aug, 2024 | 14:42
Updated-13 Sep, 2024 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Salon Booking System plugin <= 10.7 - Authenticated SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Salon Booking System Salon booking system allows SQL Injection.This issue affects Salon booking system: from n/a through 10.7.

Action-Not Available
Vendor-salonbookingsystemSalon Booking System
Product-salon_booking_systemSalon booking system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-38693
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.40% / 59.78%
||
7 Day CHG~0.00%
Published-29 Aug, 2024 | 14:05
Updated-13 Sep, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP User Frontend plugin <= 4.0.7 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP User Frontend allows SQL Injection.This issue affects WP User Frontend: from n/a through 4.0.7.

Action-Not Available
Vendor-weDevs Pte. Ltd.
Product-wp_user_frontendWP User Frontend
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-37486
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.36% / 57.04%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 09:01
Updated-02 Aug, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Paid Memberships Pro plugin <= 3.0.5 - Authenticated SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 3.0.5.

Action-Not Available
Vendor-strangerstudiosPaid Memberships Pro
Product-paid_memberships_proPaid Memberships Pro
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-29095
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.16% / 37.82%
||
7 Day CHG~0.00%
Published-10 Jul, 2023 | 13:08
Updated-17 Oct, 2024 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RSVPMarker Plugin < 10.5.5 is vulnerable to SQL Injection

Auth. (admin+) SQL Injection (SQLi) vulnerability in David F. Carr RSVPMaker plugin < 10.5.5 versions.

Action-Not Available
Vendor-carrcommunicationsDavid F. Carr
Product-rsvpmakerRSVPMaker
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-35630
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.21% / 43.94%
||
7 Day CHG~0.00%
Published-03 Jun, 2024 | 10:27
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP TripAdvisor Review Slider plugin <= 12.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LJ Apps WP TripAdvisor Review Slider allows Blind SQL Injection.This issue affects WP TripAdvisor Review Slider: from n/a through 12.6.

Action-Not Available
Vendor-LJ Appsljapps
Product-WP TripAdvisor Review Sliderwp_tripadvisor_review_slider
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-26003
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.04% / 11.22%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-06 Jun, 2025 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Post Corrector <= 1.0.2 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in vipul Jariwala WP Post Corrector allows SQL Injection. This issue affects WP Post Corrector: from n/a through 1.0.2.

Action-Not Available
Vendor-vipul Jariwala
Product-WP Post Corrector
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-34386
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.17% / 38.12%
||
7 Day CHG~0.00%
Published-06 May, 2024 | 18:15
Updated-02 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Auto Affiliate Links plugin <= 6.4.3.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lucian Apostol Auto Affiliate Links.This issue affects Auto Affiliate Links: from n/a through 6.4.3.1.

Action-Not Available
Vendor-Lucian Apostol
Product-Auto Affiliate Links
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-38692
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-5.36% / 89.70%
||
7 Day CHG+1.04%
Published-22 Jul, 2024 | 10:11
Updated-14 Aug, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress spiffy-calendar plugin <= 4.9.11 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.11.

Action-Not Available
Vendor-spiffypluginsSpiffy Plugins
Product-spiffy_calendarSpiffy Calendar
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-38788
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-2.92% / 85.87%
||
7 Day CHG~0.00%
Published-22 Jul, 2024 | 10:06
Updated-02 Aug, 2024 | 04:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress UiPress lite plugin <= 3.4.06 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bởi Admin 2020 UiPress lite allows SQL Injection.This issue affects UiPress lite: from n/a through 3.4.06.

Action-Not Available
Vendor-uipressBởi Admin 2020
Product-uipress_liteUiPress lite
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-23991
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.22% / 44.84%
||
7 Day CHG~0.00%
Published-26 Mar, 2024 | 08:56
Updated-02 Aug, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Booking Calendar plugin <= 9.4.3 - SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPdevelop / Oplugins Booking Calendar allows SQL Injection.This issue affects Booking Calendar: from n/a through 9.4.3.

Action-Not Available
Vendor-WP Booking Calendar
Product-Booking Calendar
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-33911
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-4.49% / 88.68%
||
7 Day CHG~0.00%
Published-02 May, 2024 | 11:10
Updated-16 Jul, 2025 | 12:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress The School Management Pro plugin <= 10.3.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar School Management Pro.This issue affects School Management Pro: from n/a through 10.3.4.

Action-Not Available
Vendor-weblizarWeblizar
Product-school_managementSchool Management Pro
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-47671
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.04% / 11.22%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 12:43
Updated-23 May, 2025 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Binary MLM Plan <= 3.0 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LETSCMS MLM Software Binary MLM Plan allows SQL Injection. This issue affects Binary MLM Plan: from n/a through 3.0.

Action-Not Available
Vendor-LETSCMS MLM Software
Product-Binary MLM Plan
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-32602
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.32% / 54.20%
||
7 Day CHG~0.00%
Published-18 Apr, 2024 | 10:25
Updated-19 Mar, 2025 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Multilingual & Multicurrency plugin <= 5.3.3.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency.This issue affects WooCommerce Multilingual & Multicurrency: from n/a through 5.3.3.1.

Action-Not Available
Vendor-onthegosystemsOnTheGoSystemsonthegosystems
Product-woocommerce_multilingual_\&_multicurrencyWooCommerce Multilingual & Multicurrencysitepress-multilingual-cms
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-32551
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.30% / 52.68%
||
7 Day CHG~0.00%
Published-18 Apr, 2024 | 10:27
Updated-02 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SP Project & Document Manage plugin <= 4.71 - Auth. SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager : from n/a through 4.71.

Action-Not Available
Vendor-Smartypants
Product-SP Project & Document Manager
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-32098
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.27% / 50.32%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 07:39
Updated-08 Aug, 2024 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Page Visit Counter plugin <= 8.0.6 - Auth. SQL Injection (SQLi) vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Page Visit Counter Advanced Page Visit Counter.This issue affects Advanced Page Visit Counter: from n/a through 8.0.6.

Action-Not Available
Vendor-Page Visit Counter
Product-Advanced Page Visit Counter
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-32134
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.17% / 39.18%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 07:32
Updated-02 Aug, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Forms to Zapier plugin <= 1.1.12 - Auth. SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nasirahmed Forms to Zapier, Integromat, IFTTT, Workato, Automate.Io, elastic.Io, Built.Io, APIANT, Webhook.This issue affects Forms to Zapier, Integromat, IFTTT, Workato, Automate.Io, elastic.Io, Built.Io, APIANT, Webhook: from n/a through 1.1.12.

Action-Not Available
Vendor-Nasirahmed
Product-Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-32087
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.25% / 48.01%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 07:40
Updated-02 Apr, 2025 | 15:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Product Feed on WooCommerce for Google, Awin, Shareasale, Bing, and More plugin <= 3.5.7 - Auth. SQL Injection (SQLi) vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExportFeed.Com Product Feed on WooCommerce for Google.This issue affects Product Feed on WooCommerce for Google: from n/a through 3.5.7.

Action-Not Available
Vendor-ExportFeed.comAdTribes
Product-product_feed_pro_for_woocommerceProduct Feed on WooCommerce for Google
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-31356
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.23% / 45.80%
||
7 Day CHG~0.00%
Published-10 Apr, 2024 | 16:19
Updated-02 Aug, 2024 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress User Activity Log plugin <= 1.8 - Auth. SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin Infotech User Activity Log.This issue affects User Activity Log: from n/a through 1.8.

Action-Not Available
Vendor-Solwin Infotech
Product-User Activity Log
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-30245
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.20% / 42.09%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 04:17
Updated-02 Aug, 2024 | 01:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress DecaLog plugin <= 3.9.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DecaLog.This issue affects DecaLog: from n/a through 3.9.0.

Action-Not Available
Vendor-DecaLog
Product-DecaLog
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-32136
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-26.95% / 96.18%
||
7 Day CHG-0.50%
Published-15 Apr, 2024 | 07:29
Updated-02 Aug, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BWL Advanced FAQ Manager plugin <= 2.0.3 - Auth. SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xenioushk BWL Advanced FAQ Manager.This issue affects BWL Advanced FAQ Manager: from n/a through 2.0.3.

Action-Not Available
Vendor-Xenioushk
Product-BWL Advanced FAQ Manager
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-32132
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.23% / 45.80%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 07:34
Updated-02 Aug, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CBX Bookmark & Favorite plugin <= 1.7.20 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Codeboxr Team CBX Bookmark & Favorite.This issue affects CBX Bookmark & Favorite: from n/a through 1.7.20.

Action-Not Available
Vendor-Codeboxr Team
Product-CBX Bookmark & Favorite
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-31241
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.20% / 42.31%
||
7 Day CHG+0.05%
Published-07 Apr, 2024 | 18:00
Updated-02 Aug, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LearnPress Export Import plugin <= 4.0.3 - Auth. SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThimPress LearnPress Export Import.This issue affects LearnPress Export Import: from n/a through 4.0.3.

Action-Not Available
Vendor-ThimPress (PhysCode)
Product-LearnPress Export Importlearnpress
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-30494
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.25% / 47.77%
||
7 Day CHG~0.00%
Published-29 Mar, 2024 | 13:55
Updated-02 Aug, 2024 | 01:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress OSS Aliyun plugin <= 1.4.10 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 沈唁 OSS Aliyun.This issue affects OSS Aliyun: from n/a through 1.4.10.

Action-Not Available
Vendor-沈唁aliyun-oss-client_project
Product-OSS Aliyunaliyun-oss-client
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-30495
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.36% / 57.72%
||
7 Day CHG~0.00%
Published-29 Mar, 2024 | 13:56
Updated-27 Feb, 2025 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Falang multilanguage for WordPress plugin <= 1.3.47 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Faboba Falang multilanguage.This issue affects Falang multilanguage: from n/a through 1.3.47.

Action-Not Available
Vendor-fabobaFaboba
Product-falangFalang multilanguage
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-30504
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.56% / 67.13%
||
7 Day CHG~0.00%
Published-29 Mar, 2024 | 14:09
Updated-11 Feb, 2025 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Travel Engine plugin <= 5.7.9 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel Engine.This issue affects WP Travel Engine: from n/a through 5.7.9.

Action-Not Available
Vendor-wptravelengineWP Travel Enginewptravelengine
Product-wp_travel_engineWP Travel Enginewp_travel_engine
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-30501
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.58% / 68.04%
||
7 Day CHG~0.00%
Published-29 Mar, 2024 | 14:06
Updated-27 Feb, 2025 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Download Monitor theme <= 4.9.4 - Auth. SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.9.4.

Action-Not Available
Vendor-wpchillWPChillwpchill
Product-download_monitorDownload Monitordownload_monitor
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-31116
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.21% / 42.98%
||
7 Day CHG~0.00%
Published-31 Mar, 2024 | 18:15
Updated-15 Aug, 2024 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress 10Web Map Builder for Google Maps plugin <= 1.0.74 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 10Web 10Web Map Builder for Google Maps.This issue affects 10Web Map Builder for Google Maps: from n/a through 1.0.74.

Action-Not Available
Vendor-10Web (TenWeb, Inc.)
Product-10Web Map Builder for Google Mapsmap_builder_for_google_maps
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-31260
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.21% / 42.98%
||
7 Day CHG+0.06%
Published-07 Apr, 2024 | 17:57
Updated-07 Feb, 2025 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Edwiser Bridge plugin <= 3.0.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WisdmLabs Edwiser Bridge.This issue affects Edwiser Bridge: from n/a through 3.0.2.

Action-Not Available
Vendor-wisdmlabsWisdmLabs
Product-edwiser_bridgeEdwiser Bridge
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-30237
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.37% / 57.99%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 04:43
Updated-02 Aug, 2024 | 01:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Slider by Supsystic plugin <= 1.8.10 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Supsystic Slider by Supsystic.This issue affects Slider by Supsystic: from n/a through 1.8.10.

Action-Not Available
Vendor-Supsystic
Product-Slider by Supsystic
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-39370
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.04% / 11.22%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 16:40
Updated-21 May, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress iCafe Library plugin <= 1.8.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cnilsson iCafe Library allows SQL Injection.This issue affects iCafe Library: from n/a through 1.8.3.

Action-Not Available
Vendor-Cnilsson
Product-iCafe Library
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-21747
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.24% / 47.32%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 16:48
Updated-17 Jun, 2025 | 20:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP ERP Plugin <= 1.12.8 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting.This issue affects WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting: from n/a through 1.12.8.

Action-Not Available
Vendor-weDevs Pte. Ltd.
Product-wp_erpWP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-25902
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.41% / 60.48%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 13:01
Updated-05 Aug, 2024 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Malware Scanner Plugin <= 4.7.2 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in miniorange Malware Scanner.This issue affects Malware Scanner: from n/a through 4.7.2.

Action-Not Available
Vendor-miniorange
Product-Malware Scanner
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-22147
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.15% / 35.87%
||
7 Day CHG~0.00%
Published-26 Jan, 2024 | 23:15
Updated-23 Aug, 2024 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce PDF Invoices & Packing Slips Plugin <= 3.7.5 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Overnight PDF Invoices & Packing Slips for WooCommerce.This issue affects PDF Invoices & Packing Slips for WooCommerce: from n/a through 3.7.5.

Action-Not Available
Vendor-wpovernightWP Overnight
Product-woocommerce_pdf_invoices\&_packing_slipsPDF Invoices & Packing Slips for WooCommerce
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-47643
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.04% / 11.22%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ELEX Product Feed for WooCommerce <= 3.1.2 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ELEXtensions ELEX Product Feed for WooCommerce allows SQL Injection. This issue affects ELEX Product Feed for WooCommerce: from n/a through 3.1.2.

Action-Not Available
Vendor-ELEXtensions
Product-ELEX Product Feed for WooCommerce
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-46252
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.05% / 16.81%
||
7 Day CHG+0.01%
Published-22 Apr, 2025 | 09:53
Updated-30 Apr, 2025 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Message Filter for Contact Form 7 plugin <= 1.6.3.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kofimokome Message Filter for Contact Form 7 allows SQL Injection. This issue affects Message Filter for Contact Form 7: from n/a through 1.6.3.2.

Action-Not Available
Vendor-kofimokomekofimokome
Product-message_filter_for_contact_form_7Message Filter for Contact Form 7
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-39518
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.05% / 16.17%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 12:45
Updated-16 Apr, 2025 | 13:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BMA Lite <= 1.4.2 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RedefiningTheWeb BMA Lite allows SQL Injection. This issue affects BMA Lite: from n/a through 1.4.2.

Action-Not Available
Vendor-RedefiningTheWeb
Product-BMA Lite
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-52180
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.12% / 31.09%
||
7 Day CHG~0.00%
Published-31 Dec, 2023 | 10:17
Updated-02 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Recipe Maker For Your Food Blog from Zip Recipes Plugin <= 8.1.0 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes.This issue affects Recipe Maker For Your Food Blog from Zip Recipes: from n/a through 8.1.0.

Action-Not Available
Vendor-really-simple-pluginsReally Simple Plugins
Product-recipe_maker_for_your_food_blog_from_zip_recipesRecipe Maker For Your Food Blog from Zip Recipes
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-52132
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.14% / 34.56%
||
7 Day CHG~0.00%
Published-31 Dec, 2023 | 17:35
Updated-02 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Adminify Plugin <= 3.1.6 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jewel Theme WP Adminify.This issue affects WP Adminify: from n/a through 3.1.6.

Action-Not Available
Vendor-wpadminifyJewel Theme
Product-wp_adminifyWP Adminify
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-52134
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.14% / 34.56%
||
7 Day CHG~0.00%
Published-31 Dec, 2023 | 16:53
Updated-02 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GEO my WordPress Plugin <= 4.0.2 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eyal Fitoussi GEO my WordPress.This issue affects GEO my WordPress: from n/a through 4.0.2.

Action-Not Available
Vendor-geomywpEyal Fitoussi
Product-geo_my_wordpressGEO my WordPress
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-32685
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.05% / 16.17%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 16:09
Updated-09 Apr, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Inquiries <= 0.2.1 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aristo Rinjuang WP Inquiries allows SQL Injection. This issue affects WP Inquiries: from n/a through 0.2.1.

Action-Not Available
Vendor-Aristo Rinjuang
Product-WP Inquiries
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-52201
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.22% / 44.20%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 20:09
Updated-17 Jun, 2025 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress pTypeConverter Plugin <= 0.2.8.1 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brian D. Goad pTypeConverter.This issue affects pTypeConverter: from n/a through 0.2.8.1.

Action-Not Available
Vendor-briandgoadBrian D. Goad
Product-ptypeconverterpTypeConverter
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-52135
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.29% / 52.07%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 10:09
Updated-02 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WS Form LITE Plugin <= 1.9.170 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WS Form WS Form LITE – Drag & Drop Contact Form Builder for WordPress.This issue affects WS Form LITE – Drag & Drop Contact Form Builder for WordPress: from n/a through 1.9.170.

Action-Not Available
Vendor-westguardsolutionsWS Form
Product-ws_formWS Form LITE – Drag & Drop Contact Form Builder for WordPress
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-52142
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.27% / 50.02%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 20:56
Updated-17 Jun, 2025 | 20:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Events Shortcodes & Templates For The Events Calendar Plugin <= 2.3.1 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cool Plugins Events Shortcodes For The Events Calendar.This issue affects Events Shortcodes For The Events Calendar: from n/a through 2.3.1.

Action-Not Available
Vendor-coolpluginsCool Plugins
Product-events_shortcodes_for_the_events_calendarEvents Shortcodes For The Events Calendar
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-52131
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.14% / 34.56%
||
7 Day CHG~0.00%
Published-31 Dec, 2023 | 17:43
Updated-20 Nov, 2024 | 16:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Page Generator Plugin <= 1.7.1 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Zinc Page Generator.This issue affects Page Generator: from n/a through 1.7.1.

Action-Not Available
Vendor-wpzincWP Zinc
Product-page_generatorPage Generator
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-50851
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.14% / 34.56%
||
7 Day CHG~0.00%
Published-28 Dec, 2023 | 11:28
Updated-17 Apr, 2025 | 20:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simply Schedule Appointments Plugin < 1.6.6.1 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in N Squared Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin.This issue affects Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin: from n/a before 1.6.6.1.

Action-Not Available
Vendor-N Squared Digital, LLC
Product-simply_schedule_appointmentsAppointment Booking Calendar — Simply Schedule Appointments Booking Plugin
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-50844
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.29% / 52.07%
||
7 Day CHG~0.00%
Published-28 Dec, 2023 | 18:27
Updated-02 Aug, 2024 | 22:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Mail Catcher Plugin <= 2.1.3 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in James Ward Mail logging – WP Mail Catcher.This issue affects Mail logging – WP Mail Catcher: from n/a through 2.1.3.

Action-Not Available
Vendor-jameswardJames Ward
Product-wp_mail_catcherMail logging – WP Mail Catcher
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-50843
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.29% / 52.07%
||
7 Day CHG~0.00%
Published-28 Dec, 2023 | 18:30
Updated-02 Aug, 2024 | 22:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Clockwork SMS Notfications Plugin <= 3.0.4 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Clockwork Clockwork SMS Notfications.This issue affects Clockwork SMS Notfications: from n/a through 3.0.4.

Action-Not Available
Vendor-mediaburstClockwork
Product-clockwork_sms_notficationsClockwork SMS Notfications
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-50849
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.14% / 34.56%
||
7 Day CHG~0.00%
Published-28 Dec, 2023 | 11:34
Updated-02 Aug, 2024 | 22:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress e2pdf Plugin <= 1.20.23 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E2Pdf.Com E2Pdf – Export To Pdf Tool for WordPress.This issue affects E2Pdf – Export To Pdf Tool for WordPress: from n/a through 1.20.23.

Action-Not Available
Vendor-e2pdfE2Pdf.com
Product-e2pdfE2Pdf – Export To Pdf Tool for WordPress
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-50838
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.29% / 52.07%
||
7 Day CHG~0.00%
Published-28 Dec, 2023 | 20:04
Updated-02 Aug, 2024 | 22:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress NEX-Forms – Ultimate Form Builder Plugin <= 8.5.5 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much more: from n/a through 8.5.5.

Action-Not Available
Vendor-basixonlineBasix
Product-nex-formsNEX-Forms – Ultimate Form Builder – Contact forms and much more
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-50856
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.14% / 34.56%
||
7 Day CHG~0.00%
Published-28 Dec, 2023 | 11:01
Updated-02 Aug, 2024 | 22:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Funnel Builder for WordPress by FunnelKit Plugin <= 2.14.3 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels & Maximize Profits.This issue affects Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels & Maximize Profits: from n/a through 2.14.3.

Action-Not Available
Vendor-funnelkitFunnelKit
Product-funnel_builderFunnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels & Maximize Profits
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found