Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-23931

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-22 Jan, 2025 | 14:29
Updated At-22 Jan, 2025 | 19:43
Rejected At-
Credits

WordPress WordPress Local SEO plugin <= 2.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound WordPress Local SEO allows Blind SQL Injection. This issue affects WordPress Local SEO: from n/a through 2.3.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:22 Jan, 2025 | 14:29
Updated At:22 Jan, 2025 | 19:43
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress WordPress Local SEO plugin <= 2.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound WordPress Local SEO allows Blind SQL Injection. This issue affects WordPress Local SEO: from n/a through 2.3.

Affected Products
Vendor
NotFound
Product
WordPress Local SEO
Collection URL
https://wordpress.org/plugins
Package Name
dh-local-seo
Default Status
unaffected
Versions
Affected
  • From n/a through 2.3 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-89CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Type: CWE
CWE ID: CWE-89
Description: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Metrics
VersionBase scoreBase severityVector
3.19.3CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Version: 3.1
Base score: 9.3
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-7CAPEC-7 Blind SQL Injection
CAPEC ID: CAPEC-7
Description: CAPEC-7 Blind SQL Injection
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Aiden (Thái An) (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/wordpress/plugin/dh-local-seo/vulnerability/wordpress-wordpress-local-seo-plugin-2-3-sql-injection-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/wordpress/plugin/dh-local-seo/vulnerability/wordpress-wordpress-local-seo-plugin-2-3-sql-injection-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:22 Jan, 2025 | 15:15
Updated At:22 Jan, 2025 | 15:15

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound WordPress Local SEO allows Blind SQL Injection. This issue affects WordPress Local SEO: from n/a through 2.3.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.3CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Type: Secondary
Version: 3.1
Base score: 9.3
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-89Primaryaudit@patchstack.com
CWE ID: CWE-89
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/wordpress/plugin/dh-local-seo/vulnerability/wordpress-wordpress-local-seo-plugin-2-3-sql-injection-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/wordpress/plugin/dh-local-seo/vulnerability/wordpress-wordpress-local-seo-plugin-2-3-sql-injection-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

185Records found
CVE-2025-30876
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.03% / 6.59%
||
7 Day CHG-0.03%
Published-01 Apr, 2025 | 05:31
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ads by WPQuads plugin <= 2.0.87.1 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ads by WPQuads Ads by WPQuads allows SQL Injection. This issue affects Ads by WPQuads: from n/a through 2.0.87.1.

Action-Not Available
Vendor-Ads by WPQuads
Product-Ads by WPQuads
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-31565
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.06% / 17.96%
||
7 Day CHG~0.00%
Published-11 Apr, 2025 | 08:42
Updated-11 Apr, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPSmartContracts plugin <= 2.0.10 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPSmartContracts WPSmartContracts allows Blind SQL Injection. This issue affects WPSmartContracts: from n/a through 2.0.10.

Action-Not Available
Vendor-WPSmartContracts
Product-WPSmartContracts
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-30886
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.03% / 6.59%
||
7 Day CHG-0.03%
Published-01 Apr, 2025 | 05:31
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JS Help Desk plugin <= 2.9.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk allows SQL Injection. This issue affects JS Help Desk: from n/a through 2.9.2.

Action-Not Available
Vendor-JoomSky
Product-JS Help Desk
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-30524
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.04% / 10.52%
||
7 Day CHG~0.00%
Published-26 Mar, 2025 | 14:24
Updated-27 Mar, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Product Catalog plugin <= 1.0.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in origincode Product Catalog allows SQL Injection. This issue affects Product Catalog: from n/a through 1.0.4.

Action-Not Available
Vendor-origincode
Product-Product Catalog
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-30807
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.03% / 6.59%
||
7 Day CHG-0.03%
Published-01 Apr, 2025 | 20:58
Updated-02 Apr, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Next-Cart Store to WooCommerce Migration plugin <= 3.9.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Martin Nguyen Next-Cart Store to WooCommerce Migration allows SQL Injection. This issue affects Next-Cart Store to WooCommerce Migration: from n/a through 3.9.4.

Action-Not Available
Vendor-Martin Nguyen
Product-Next-Cart Store to WooCommerce Migration
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-30622
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.03% / 6.59%
||
7 Day CHG-0.03%
Published-01 Apr, 2025 | 05:31
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PostMash <= 1.0.3 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in torsteino PostMash allows SQL Injection. This issue affects PostMash: from n/a through 1.0.3.

Action-Not Available
Vendor-torsteino
Product-PostMash
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-28942
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.04% / 10.52%
||
7 Day CHG~0.00%
Published-26 Mar, 2025 | 14:24
Updated-27 Mar, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Trust Payments Gateway for WooCommerce plugin <= 1.1.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Trust Payments Trust Payments Gateway for WooCommerce allows SQL Injection. This issue affects Trust Payments Gateway for WooCommerce: from n/a through 1.1.4.

Action-Not Available
Vendor-Trust Payments
Product-Trust Payments Gateway for WooCommerce
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-28904
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.04% / 11.13%
||
7 Day CHG~0.00%
Published-25 Mar, 2025 | 18:48
Updated-27 Mar, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Web Directory Free plugin <= 1.7.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shamalli Web Directory Free allows Blind SQL Injection. This issue affects Web Directory Free: from n/a through 1.7.6.

Action-Not Available
Vendor-Shamalli
Product-Web Directory Free
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-26875
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.06% / 17.82%
||
7 Day CHG~0.00%
Published-15 Mar, 2025 | 21:57
Updated-17 Mar, 2025 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Multiple Shipping And Billing Address For Woocommerce Plugin <= 1.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in silverplugins217 Multiple Shipping And Billing Address For Woocommerce allows SQL Injection. This issue affects Multiple Shipping And Billing Address For Woocommerce: from n/a through 1.3.

Action-Not Available
Vendor-silverplugins217
Product-Multiple Shipping And Billing Address For Woocommerce
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-26988
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.05% / 13.94%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 13:30
Updated-03 Mar, 2025 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SMS Alert Order Notifications – WooCommerce plugin <= 3.7.8 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozy Vision SMS Alert Order Notifications – WooCommerce allows SQL Injection. This issue affects SMS Alert Order Notifications – WooCommerce: from n/a through 3.7.8.

Action-Not Available
Vendor-Cozy Vision
Product-SMS Alert Order Notifications – WooCommerce
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-27268
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.06% / 17.82%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 13:30
Updated-03 Mar, 2025 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Small Package Quotes – Worldwide Express Edition Plugin <= 5.2.18 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in enituretechnology Small Package Quotes – Worldwide Express Edition allows SQL Injection. This issue affects Small Package Quotes – Worldwide Express Edition: from n/a through 5.2.18.

Action-Not Available
Vendor-Eniture, LLC
Product-Small Package Quotes – Worldwide Express Edition
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-26943
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.06% / 17.82%
||
7 Day CHG~0.00%
Published-25 Feb, 2025 | 14:17
Updated-25 Feb, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Quotes plugin <= 1.2.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jürgen Müller Easy Quotes allows Blind SQL Injection. This issue affects Easy Quotes: from n/a through 1.2.2.

Action-Not Available
Vendor-Jürgen Müller
Product-Easy Quotes
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-26898
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.03% / 6.59%
||
7 Day CHG-0.00%
Published-27 Mar, 2025 | 21:51
Updated-28 Mar, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Traveler theme <= 3.1.8 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shinetheme Traveler.This issue affects Traveler: from n/a through 3.1.8.

Action-Not Available
Vendor-Shinetheme
Product-Traveler
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-24759
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.04% / 12.05%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 11:28
Updated-16 Jul, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP-BusinessDirectory <= 3.1.3 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory allows Blind SQL Injection. This issue affects WP-BusinessDirectory: from n/a through 3.1.3.

Action-Not Available
Vendor-CMSJunkie - WordPress Business Directory Plugins
Product-WP-BusinessDirectory
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-24667
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.07% / 20.37%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 14:22
Updated-12 Feb, 2025 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Small Package Quotes Plugin <= 5.2.17 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology Small Package Quotes – Worldwide Express Edition allows SQL Injection. This issue affects Small Package Quotes – Worldwide Express Edition: from n/a through 5.2.17.

Action-Not Available
Vendor-Eniture, LLC
Product-Small Package Quotes – Worldwide Express Edition
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-24773
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.04% / 12.86%
||
7 Day CHG~0.00%
Published-17 Jun, 2025 | 15:01
Updated-17 Jun, 2025 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPCRM - CRM for Contact form CF7 & WooCommerce <= 3.2.0 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPCRM - CRM for Contact form CF7 & WooCommerce allows SQL Injection. This issue affects WPCRM - CRM for Contact form CF7 & WooCommerce: from n/a through 3.2.0.

Action-Not Available
Vendor-mojoomla
Product-WPCRM - CRM for Contact form CF7 & WooCommerce
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-24767
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.04% / 12.86%
||
7 Day CHG~0.00%
Published-09 Jun, 2025 | 15:56
Updated-12 Jun, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TicketBAI Facturas para WooCommerce <= 3.19 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in facturaone TicketBAI Facturas para WooCommerce allows Blind SQL Injection. This issue affects TicketBAI Facturas para WooCommerce: from n/a through 3.19.

Action-Not Available
Vendor-facturaone
Product-TicketBAI Facturas para WooCommerce
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-25150
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.06% / 17.82%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 13:30
Updated-03 Mar, 2025 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Directory Listings WordPress uListing plugin <= 2.1.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix uListing allows Blind SQL Injection. This issue affects uListing: from n/a through 2.1.6.

Action-Not Available
Vendor-Stylemix
Product-uListing
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-24664
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.07% / 20.37%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 13:59
Updated-27 Jan, 2025 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LTL Freight Quotes Plugin <= 5.0.20 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology LTL Freight Quotes – Worldwide Express Edition allows SQL Injection. This issue affects LTL Freight Quotes – Worldwide Express Edition: from n/a through 5.0.20.

Action-Not Available
Vendor-Eniture, LLC
Product-LTL Freight Quotes – Worldwide Express Edition
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-22655
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.03% / 6.97%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:17
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CWD - Stealth Links plugin <= 1.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Caio Web Dev CWD – Stealth Links allows SQL Injection. This issue affects CWD – Stealth Links: from n/a through 1.3.

Action-Not Available
Vendor-Caio Web Dev
Product-CWD – Stealth Links
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-22540
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.07% / 22.58%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 15:39
Updated-10 Jan, 2025 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Emailing Subscription Plugin <= 1.4.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sebastian Orellana Emailing Subscription allows Blind SQL Injection.This issue affects Emailing Subscription: from n/a through 1.4.1.

Action-Not Available
Vendor-Sebastian Orellana
Product-Emailing Subscription
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-22785
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.20% / 42.34%
||
7 Day CHG~0.00%
Published-15 Jan, 2025 | 15:23
Updated-15 Jan, 2025 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Course Booking System plugin <= 6.0.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ComMotion Course Booking System allows SQL Injection.This issue affects Course Booking System: from n/a through 6.0.5.

Action-Not Available
Vendor-ComMotion
Product-Course Booking System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-22542
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.07% / 22.58%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 15:39
Updated-10 Jan, 2025 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Virtual Bot Plugin <= 1.0.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ofek Nakar Virtual Bot allows Blind SQL Injection.This issue affects Virtual Bot: from n/a through 1.0.0.

Action-Not Available
Vendor-Ofek Nakar
Product-Virtual Bot
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-22290
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.06% / 17.82%
||
7 Day CHG~0.00%
Published-16 Feb, 2025 | 22:17
Updated-18 Feb, 2025 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LTL Freight Quotes – FreightQuote Edition Plugin <= 2.3.11 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in enituretechnology LTL Freight Quotes – FreightQuote Edition allows SQL Injection. This issue affects LTL Freight Quotes – FreightQuote Edition: from n/a through 2.3.11.

Action-Not Available
Vendor-Eniture, LLC
Product-LTL Freight Quotes – FreightQuote Edition
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-32590
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-1.80% / 82.05%
||
7 Day CHG~0.00%
Published-20 Dec, 2023 | 15:02
Updated-02 Aug, 2024 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Subscribe to Category Plugin <= 2.7.4 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category.This issue affects Subscribe to Category: from n/a through 2.7.4.

Action-Not Available
Vendor-subscribe_to_category_projectDaniel Söderström / Sidney van de Stouwe
Product-subscribe_to_categorySubscribe to Category
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-28787
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.14% / 34.63%
||
7 Day CHG~0.00%
Published-26 Mar, 2024 | 20:24
Updated-06 Aug, 2024 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Quiz And Survey Master plugin <= 8.1.4 - Unauthenticated SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.4.

Action-Not Available
Vendor-ExpressTech
Product-Quiz And Survey Master
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-56284
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.14% / 34.83%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 10:49
Updated-07 Jan, 2025 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SSL Wireless SMS Notification Plugin <= 3.5.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SSL Wireless SSL Wireless SMS Notification allows SQL Injection.This issue affects SSL Wireless SMS Notification: from n/a through 3.5.0.

Action-Not Available
Vendor-SSL Wireless
Product-SSL Wireless SMS Notification
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-56039
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.17% / 38.31%
||
7 Day CHG~0.00%
Published-31 Dec, 2024 | 12:55
Updated-31 Dec, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress VibeBP plugin < 1.9.9.7.7 - Unauthenticated SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes VibeBP allows SQL Injection.This issue affects VibeBP: from n/a before 1.9.9.7.7.

Action-Not Available
Vendor-VibeThemes
Product-VibeBP
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-55972
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-5.42% / 89.77%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:31
Updated-16 Dec, 2024 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress eTemplates plugin <= 0.2.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Chris Carvache eTemplates allows SQL Injection.This issue affects eTemplates: from n/a through 0.2.1.

Action-Not Available
Vendor-Chris Carvache
Product-eTemplates
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-55988
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-19.88% / 95.24%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:31
Updated-16 Dec, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Navayan CSV Export Plugin <= 1.0.9 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Amol Nirmala Waman Navayan CSV Export allows Blind SQL Injection.This issue affects Navayan CSV Export: from n/a through 1.0.9.

Action-Not Available
Vendor-Amol Nirmala Waman
Product-Navayan CSV Export
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-55978
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-2.53% / 84.85%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:31
Updated-16 Dec, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Code Generator Pro plugin <= 1.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WalletStation.com Code Generator Pro allows SQL Injection.This issue affects Code Generator Pro: from n/a through 1.2.

Action-Not Available
Vendor-WalletStation.com
Product-Code Generator Pro
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-55977
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.15% / 36.59%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:31
Updated-16 Dec, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LaunchPage.app Importer plugin <= 1.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in launch-page-importer LaunchPage.app Importer allows SQL Injection.This issue affects LaunchPage.app Importer: from n/a through 1.1.

Action-Not Available
Vendor-launch-page-importer
Product-LaunchPage.app Importer
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-55980
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-2.53% / 84.85%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:31
Updated-16 Dec, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Wr Age Verification plugin <= 2.0.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Webriderz Wr Age Verification allows SQL Injection.This issue affects Wr Age Verification: from n/a through 2.0.0.

Action-Not Available
Vendor-Webriderz
Product-Wr Age Verification
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-55982
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-12.74% / 93.75%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:31
Updated-16 Dec, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Share Buttons – Social Media plugin <= 1.0.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in richteam Share Buttons – Social Media allows Blind SQL Injection.This issue affects Share Buttons – Social Media: from n/a through 1.0.2.

Action-Not Available
Vendor-richteam
Product-Share Buttons – Social Media
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-54280
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.15% / 36.14%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 15:43
Updated-27 Jun, 2025 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPBookit plugin <= 1.6.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design WPBookit allows SQL Injection.This issue affects WPBookit: from n/a through 1.6.0.

Action-Not Available
Vendor-iqonicIqonic Design
Product-wpbookitWPBookit
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-54361
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.15% / 36.59%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:31
Updated-16 Dec, 2024 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Instant Appointment plugin <= 1.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in outstrip Instant Appointment allows SQL Injection.This issue affects Instant Appointment: from n/a through 1.2.

Action-Not Available
Vendor-outstrip
Product-Instant Appointment
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-54234
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.18% / 40.31%
||
7 Day CHG+0.02%
Published-13 Dec, 2024 | 14:24
Updated-13 Dec, 2024 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Limit Login Attempts plugin <= 5.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wp-buy Limit Login Attempts allows SQL Injection.This issue affects Limit Login Attempts: from n/a through 5.5.

Action-Not Available
Vendor-wp-buy
Product-Limit Login Attempts
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-43132
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.33% / 54.91%
||
7 Day CHG~0.00%
Published-29 Aug, 2024 | 14:44
Updated-13 Sep, 2024 | 21:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Docket (WooCommerce Collections / Wishlist / Watchlist) plugin < 1.7.0 - Unauthenticated SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPWeb Elite Docket (WooCommerce Collections / Wishlist / Watchlist) allows SQL Injection.This issue affects Docket (WooCommerce Collections / Wishlist / Watchlist): from n/a before 1.7.0.

Action-Not Available
Vendor-WPWeb Elite
Product-docketDocket (WooCommerce Collections / Wishlist / Watchlist)docket
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-54221
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.19% / 41.35%
||
7 Day CHG+0.02%
Published-04 Dec, 2024 | 23:27
Updated-05 Dec, 2024 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FAT Services Booking plugin <= 5.6 - Unauthenticated SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Roninwp FAT Services Booking.This issue affects FAT Services Booking: from n/a through 5.6.

Action-Not Available
Vendor-Roninwproninwp
Product-FAT Services Bookingfat_services_booking
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-52431
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.19% / 40.88%
||
7 Day CHG~0.00%
Published-18 Nov, 2024 | 14:37
Updated-20 Nov, 2024 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Video Robot plugin <= 1.20.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pressaholic WordPress Video Robot - The Ultimate Video Importer allows SQL Injection.This issue affects WordPress Video Robot - The Ultimate Video Importer: from n/a through 1.20.0.

Action-Not Available
Vendor-pressaholicPressaholicpressaholic
Product-wordpress_video_robotWordPress Video Robot - The Ultimate Video Importerwordpress_video_robot
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-52474
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.19% / 41.35%
||
7 Day CHG+0.02%
Published-28 Nov, 2024 | 10:44
Updated-29 Nov, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Express Payments plugin <= 1.1.8 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LLC «TriIncom» Express Payments Module allows Blind SQL Injection.This issue affects Express Payments Module: from n/a through 1.1.8.

Action-Not Available
Vendor-LLC «TriIncom»trilncom_llc
Product-Express Payments Moduleexpress_payments_module
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-51615
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.24% / 46.23%
||
7 Day CHG~0.00%
Published-06 Dec, 2024 | 13:07
Updated-06 Dec, 2024 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WordPress Auction Plugin plugin <= 3.7 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Owen Cutajar & Hyder Jaffari WordPress Auction Plugin allows SQL Injection.This issue affects WordPress Auction Plugin: from n/a through 3.7.

Action-Not Available
Vendor-Owen Cutajar & Hyder Jaffariwp_auctions
Product-WordPress Auction Pluginwp-auctions
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-50491
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-23.19% / 95.72%
||
7 Day CHG+0.92%
Published-28 Oct, 2024 | 12:37
Updated-13 Nov, 2024 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RSVP ME plugin <= 1.9.9 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Micah Blu RSVP ME allows SQL Injection.This issue affects RSVP ME: from n/a through 1.9.9.

Action-Not Available
Vendor-micahbluMicah Blumicah_blu
Product-rsvp_meRSVP MErvsp_me
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-49305
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.26% / 49.22%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 17:25
Updated-18 Oct, 2024 | 12:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Customer Email Verification for WooCommerce plugin <= 2.8.10 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFactory Email Verification for WooCommerce allows SQL Injection.This issue affects Email Verification for WooCommerce: from n/a through 2.8.10.

Action-Not Available
Vendor-WPFactorywpfactory
Product-Email Verification for WooCommercecustomer_email_verification_for_woocommerce
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-49681
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-39.34% / 97.19%
||
7 Day CHG~0.00%
Published-24 Oct, 2024 | 12:09
Updated-25 Oct, 2024 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Sessions Time Monitoring Full Automatic plugin <= 1.0.9 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SWIT WP Sessions Time Monitoring Full Automatic allows SQL Injection.This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through 1.0.9.

Action-Not Available
Vendor-SWITswit
Product-WP Sessions Time Monitoring Full Automaticwp_sessions_time_monitoring_full_automatic
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-49246
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.26% / 49.22%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 17:31
Updated-18 Oct, 2024 | 12:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ajax Rating with Custom Login plugin <= 1.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in anand23 Ajax Rating with Custom Login allows SQL Injection.This issue affects Ajax Rating with Custom Login: from n/a through 1.1.

Action-Not Available
Vendor-anand23
Product-Ajax Rating with Custom Login
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-47331
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.26% / 48.70%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 18:20
Updated-14 Nov, 2024 | 19:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Multi Step for Contact Form plugin <= 2.7.7 - Unauthenticated SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NinjaTeam Multi Step for Contact Form allows SQL Injection.This issue affects Multi Step for Contact Form: from n/a through 2.7.7.

Action-Not Available
Vendor-NinjaTeam
Product-multi_step_for_contact_form_7Multi Step for Contact Formmulti_step_for_contact_form
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-47350
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.29% / 51.49%
||
7 Day CHG~0.00%
Published-06 Oct, 2024 | 12:55
Updated-07 Oct, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress YITH WooCommerce Ajax Search plugin <= 2.8.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YITH YITH WooCommerce Ajax Search allows SQL Injection.This issue affects YITH WooCommerce Ajax Search: from n/a through 2.8.0.

Action-Not Available
Vendor-Your Inspiration Solutions S.L.U. (YITH) (YITHEMES)
Product-YITH WooCommerce Ajax Searchyith_woocommerce_ajax_search
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-43144
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.57% / 67.65%
||
7 Day CHG~0.00%
Published-29 Aug, 2024 | 14:45
Updated-19 Sep, 2024 | 21:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Cost Calculator Builder plugin <= 3.2.15 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Cost Calculator Builder allows SQL Injection.This issue affects Cost Calculator Builder: from n/a through 3.2.15.

Action-Not Available
Vendor-stylemixthemesStylemixThemesstylemixthemes
Product-cost_calculator_builderCost Calculator Buildercost_calculator_builder
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-39653
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.57% / 67.65%
||
7 Day CHG~0.00%
Published-29 Aug, 2024 | 14:20
Updated-13 Sep, 2024 | 21:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress VikRentCar Car Rental Management System plugin <= 1.4.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E4J s.R.L. VikRentCar allows SQL Injection.This issue affects VikRentCar: from n/a through 1.4.0.

Action-Not Available
Vendor-e4jconnectE4J s.r.l.e4jconnect
Product-vikrentcarVikRentCarvikrentcar
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found