Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-26915

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-25 Feb, 2025 | 14:17
Updated At-25 Feb, 2025 | 18:43
Rejected At-
Credits

WordPress Wishlist Plugin <= 1.0.41 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PickPlugins Wishlist allows SQL Injection. This issue affects Wishlist: from n/a through 1.0.41.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:25 Feb, 2025 | 14:17
Updated At:25 Feb, 2025 | 18:43
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Wishlist Plugin <= 1.0.41 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PickPlugins Wishlist allows SQL Injection. This issue affects Wishlist: from n/a through 1.0.41.

Affected Products
Vendor
PickPlugins
Product
Wishlist
Collection URL
https://wordpress.org/plugins
Package Name
wishlist
Default Status
unaffected
Versions
Affected
  • From n/a through 1.0.41 (custom)
    • -> unaffectedfrom1.0.42
Problem Types
TypeCWE IDDescription
CWECWE-89CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Type: CWE
CWE ID: CWE-89
Description: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Metrics
VersionBase scoreBase severityVector
3.18.5HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Version: 3.1
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-66CAPEC-66 SQL Injection
CAPEC ID: CAPEC-66
Description: CAPEC-66 SQL Injection
Solutions

Update the WordPress Wishlist wordpress plugin to the latest available version (at least 1.0.42).

Configurations
Workarounds
Exploits
Credits
finder
LVT-tholv2k (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/wordpress/plugin/wishlist/vulnerability/wordpress-wishlist-plugin-1-0-41-sql-injection-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/wordpress/plugin/wishlist/vulnerability/wordpress-wishlist-plugin-1-0-41-sql-injection-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:25 Feb, 2025 | 15:15
Updated At:25 Feb, 2025 | 15:15

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PickPlugins Wishlist allows SQL Injection. This issue affects Wishlist: from n/a through 1.0.41.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.5HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Type: Secondary
Version: 3.1
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-89Primaryaudit@patchstack.com
CWE ID: CWE-89
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/wordpress/plugin/wishlist/vulnerability/wordpress-wishlist-plugin-1-0-41-sql-injection-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/wordpress/plugin/wishlist/vulnerability/wordpress-wishlist-plugin-1-0-41-sql-injection-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

229Records found
CVE-2025-32618
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.06% / 17.68%
||
7 Day CHG~0.00%
Published-11 Apr, 2025 | 08:42
Updated-11 Apr, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Wishlist plugin <= 1.0.43 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PickPlugins Wishlist allows SQL Injection. This issue affects Wishlist: from n/a through 1.0.43.

Action-Not Available
Vendor-PickPlugins
Product-Wishlist
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-32139
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-5.51% / 89.86%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 07:18
Updated-19 Mar, 2025 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Podlove Podcast Publisher plugin <= 4.0.12 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.12.

Action-Not Available
Vendor-podlovePodlove
Product-podlove_podcast_publisherPodlove Podcast Publisher
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-30488
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.39% / 58.95%
||
7 Day CHG~0.00%
Published-29 Mar, 2024 | 13:42
Updated-08 Aug, 2024 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Zotpress plugin <= 7.3.7 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Katie Seaborn Zotpress.This issue affects Zotpress: from n/a through 7.3.7.

Action-Not Available
Vendor-Katie Seabornkatieseaborn
Product-Zotpresszotpress
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-22283
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.16% / 36.99%
||
7 Day CHG~0.00%
Published-26 Jan, 2024 | 23:11
Updated-23 May, 2025 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Delhivery Logistics Courier Plugin <= 1.0.107 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Delhivery Delhivery Logistics Courier.This issue affects Delhivery Logistics Courier: from n/a through 1.0.107.

Action-Not Available
Vendor-delhiveryDelhivery
Product-logistics_courierDelhivery Logistics Courier
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-30241
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-3.54% / 87.21%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 04:36
Updated-04 Feb, 2025 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ProfileGrid – User Profiles, Memberships, Groups and Communities plugin <= 5.7.1 - Contributor+ SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.1.

Action-Not Available
Vendor-Metagauss Inc.
Product-profilegridProfileGrid
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-30535
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.27% / 50.46%
||
7 Day CHG~0.00%
Published-31 Mar, 2024 | 18:16
Updated-02 Aug, 2024 | 01:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Form Builder plugin <= 3.7.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WhiteStudio Easy Form Builder.This issue affects Easy Form Builder: from n/a through 3.7.4.

Action-Not Available
Vendor-WhiteStudio
Product-Easy Form Builder
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-30491
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-55.21% / 97.97%
||
7 Day CHG~0.00%
Published-29 Mar, 2024 | 13:49
Updated-04 Feb, 2025 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ProfileGrid – User Profiles, Memberships, Groups and Communities plugin <= 5.7.8 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8.

Action-Not Available
Vendor-Metagauss Inc.
Product-profilegridProfileGrid
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-30243
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.43% / 61.62%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 04:33
Updated-08 Apr, 2025 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tooltips plugin < 9.4.5 - Auth. SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tomas WordPress Tooltips.This issue affects WordPress Tooltips: from n/a before 9.4.5.

Action-Not Available
Vendor-Tomas
Product-WordPress Tooltips
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-56216
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.5||HIGH
EPSS-0.03% / 6.64%
||
7 Day CHG~0.00%
Published-25 Aug, 2025 | 00:00
Updated-25 Aug, 2025 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in about-us.php via the pagetitle parameter.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-54026
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.04% / 10.09%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 10:36
Updated-16 Jul, 2025 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GymBase Theme Classes plugin <= 1.4 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuanticaLabs GymBase Theme Classes allows SQL Injection. This issue affects GymBase Theme Classes: from n/a through 1.4.

Action-Not Available
Vendor-QuanticaLabs
Product-GymBase Theme Classes
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-55708
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.03% / 7.73%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 18:21
Updated-15 Aug, 2025 | 13:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Quiz And Survey Master Plugin <= 10.2.4 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Systems Quiz And Survey Master allows SQL Injection. This issue affects Quiz And Survey Master: from n/a through 10.2.4.

Action-Not Available
Vendor-ExpressTech Systems
Product-Quiz And Survey Master
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-52823
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.03% / 7.73%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 10:33
Updated-14 Aug, 2025 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Cube Portfolio Plugin <= 1.16.8 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ovatheme Cube Portfolio allows SQL Injection. This issue affects Cube Portfolio: from n/a through 1.16.8.

Action-Not Available
Vendor-ovatheme
Product-Cube Portfolio
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-52821
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.04% / 12.56%
||
7 Day CHG+0.01%
Published-20 Jun, 2025 | 15:03
Updated-23 Jun, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Video List Manager plugin <= 1.7 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in thanhtungtnt Video List Manager allows SQL Injection. This issue affects Video List Manager: from n/a through 1.7.

Action-Not Available
Vendor-thanhtungtnt
Product-Video List Manager
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-52820
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.03% / 7.73%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 10:33
Updated-14 Aug, 2025 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Point Of Sale (POS) <= 1.4 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in infosoftplugin WooCommerce Point Of Sale (POS) allows SQL Injection. This issue affects WooCommerce Point Of Sale (POS): from n/a through 1.4.

Action-Not Available
Vendor-infosoftplugin
Product-WooCommerce Point Of Sale (POS)
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-52819
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.04% / 10.09%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 11:27
Updated-16 Jul, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pakke Envíos plugin <= 1.0.2 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in pakkemx Pakke Envíos allows SQL Injection. This issue affects Pakke Envíos: from n/a through 1.0.2.

Action-Not Available
Vendor-pakkemx
Product-Pakke Envíos
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-52822
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.04% / 12.56%
||
7 Day CHG+0.01%
Published-20 Jun, 2025 | 15:03
Updated-23 Jun, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Roadmap plugin <= 2.1.3 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design WP Roadmap allows SQL Injection. This issue affects WP Roadmap: from n/a through 2.1.3.

Action-Not Available
Vendor-Iqonic Design
Product-WP Roadmap
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-49323
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.04% / 12.56%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-06 Jun, 2025 | 19:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hydra Booking <= 1.1.10 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Hydra Booking allows SQL Injection. This issue affects Hydra Booking: from n/a through 1.1.10.

Action-Not Available
Vendor-Themefic
Product-Hydra Booking
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-49876
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.04% / 10.09%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 11:27
Updated-16 Jul, 2025 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ProfileGrid <= 5.9.5.2 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid allows SQL Injection. This issue affects ProfileGrid : from n/a through 5.9.5.2.

Action-Not Available
Vendor-Metagauss Inc.
Product-ProfileGrid
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-49033
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.03% / 7.73%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 10:34
Updated-14 Aug, 2025 | 14:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ProfileGrid <= 5.9.5.3 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid allows Blind SQL Injection. This issue affects ProfileGrid : from n/a through 5.9.5.3.

Action-Not Available
Vendor-Metagauss Inc.
Product-ProfileGrid
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-47645
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.04% / 10.09%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 11:28
Updated-16 Jul, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes plugin <= 1.4.9 - Subscriber+ SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ELEXtensions ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes allows SQL Injection. This issue affects ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes: from n/a through 1.4.9.

Action-Not Available
Vendor-ELEXtensions
Product-ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-47575
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.04% / 12.56%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 12:43
Updated-23 May, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress School Management plugin <= 92.0.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla School Management allows SQL Injection. This issue affects School Management: from n/a through 92.0.0.

Action-Not Available
Vendor-mojoomla
Product-School Management
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-46463
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.04% / 12.56%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 12:43
Updated-23 May, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mailing Group Listserv <= 3.0.4 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yamna Khawaja Mailing Group Listserv allows SQL Injection. This issue affects Mailing Group Listserv: from n/a through 3.0.4.

Action-Not Available
Vendor-Yamna Khawaja
Product-Mailing Group Listserv
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-47478
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.04% / 12.56%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 12:43
Updated-23 May, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ProfileGrid <= 5.9.5.0 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid allows SQL Injection. This issue affects ProfileGrid : from n/a through 5.9.5.0.

Action-Not Available
Vendor-Metagauss Inc.
Product-ProfileGrid
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-39403
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.04% / 12.56%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 19:10
Updated-21 May, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPAMS plugin <= 44.0 (17-08-2023) - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPAMS allows SQL Injection.This issue affects WPAMS: from n/a through 44.0 (17-08-2023).

Action-Not Available
Vendor-mojoomla
Product-WPAMS
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-39510
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.03% / 7.73%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 10:34
Updated-14 Aug, 2025 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pinterest Automatic Pin plugin < 4.19.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Pinterest Automatic Pin allows SQL Injection. This issue affects Pinterest Automatic Pin: from n/a through n/a.

Action-Not Available
Vendor-ValvePress
Product-Pinterest Automatic Pin
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-39355
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.04% / 12.56%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 19:46
Updated-21 May, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FAT Services Booking plugin <= 5.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in roninwp FAT Services Booking allows SQL Injection.This issue affects FAT Services Booking: from n/a through 5.6.

Action-Not Available
Vendor-roninwp
Product-FAT Services Booking
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-39486
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.04% / 12.56%
||
7 Day CHG+0.01%
Published-17 Jun, 2025 | 15:01
Updated-17 Jun, 2025 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Rankie plugin < 1.8.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Rankie allows SQL Injection. This issue affects Rankie: from n/a through n/a.

Action-Not Available
Vendor-ValvePress
Product-Rankie
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-39357
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.04% / 12.56%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 19:43
Updated-21 May, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hospital Management System plugin <= 47.0(20-11-2023) - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla Hospital Management System allows SQL Injection.This issue affects Hospital Management System: from n/a through 47.0(20-11-2023).

Action-Not Available
Vendor-mojoomla
Product-Hospital Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-32924
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.04% / 12.56%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 19:57
Updated-09 Jun, 2025 | 17:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Revy plugin <= 2.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in roninwp Revy allows SQL Injection.This issue affects Revy: from n/a through 2.1.

Action-Not Available
Vendor-roninwproninwp
Product-revyRevy
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-32307
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.04% / 12.56%
||
7 Day CHG~0.00%
Published-16 May, 2025 | 15:45
Updated-19 May, 2025 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Chameleon HTML5 Audio Player With/Without Playlist <= 3.5.6 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Chameleon HTML5 Audio Player With/Without Playlist allows SQL Injection. This issue affects Chameleon HTML5 Audio Player With/Without Playlist: from n/a through 3.5.6.

Action-Not Available
Vendor-LambertGroup
Product-Chameleon HTML5 Audio Player With/Without Playlist
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-31619
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.06% / 17.68%
||
7 Day CHG~0.00%
Published-01 Apr, 2025 | 20:58
Updated-10 Apr, 2025 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Actionwear products sync plugin <= 2.3.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in marcoingraiti Actionwear products sync allows SQL Injection. This issue affects Actionwear products sync: from n/a through 2.3.3.

Action-Not Available
Vendor-marcoingraiti
Product-Actionwear products sync
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-32574
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.04% / 10.09%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 11:28
Updated-16 Jul, 2025 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPGYM plugin <= 65.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPGYM allows SQL Injection. This issue affects WPGYM: from n/a through 65.0.

Action-Not Available
Vendor-mojoomla
Product-WPGYM
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-32148
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.06% / 17.68%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:58
Updated-07 Apr, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Daisycon prijsvergelijkers plugin <= 4.8.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Daisycon Daisycon prijsvergelijkers allows SQL Injection. This issue affects Daisycon prijsvergelijkers: from n/a through 4.8.4.

Action-Not Available
Vendor-Daisycon
Product-Daisycon prijsvergelijkers
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-32287
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.04% / 12.56%
||
7 Day CHG~0.00%
Published-16 May, 2025 | 15:45
Updated-19 May, 2025 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Responsive HTML5 Audio Player PRO With Playlist <= 3.5.7 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Responsive HTML5 Audio Player PRO With Playlist allows SQL Injection. This issue affects Responsive HTML5 Audio Player PRO With Playlist: from n/a through 3.5.7.

Action-Not Available
Vendor-LambertGroup
Product-Responsive HTML5 Audio Player PRO With Playlist
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-31561
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.06% / 17.68%
||
7 Day CHG~0.00%
Published-01 Apr, 2025 | 20:58
Updated-02 Apr, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ultimate Push Notifications plugin <= 1.1.8 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in M. Tuhin Ultimate Push Notifications allows SQL Injection. This issue affects Ultimate Push Notifications: from n/a through 1.1.8.

Action-Not Available
Vendor-M. Tuhin
Product-Ultimate Push Notifications
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-31637
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.04% / 12.56%
||
7 Day CHG~0.00%
Published-16 May, 2025 | 15:45
Updated-19 May, 2025 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SHOUT <= 3.5.3 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup SHOUT allows SQL Injection. This issue affects SHOUT: from n/a through 3.5.3.

Action-Not Available
Vendor-LambertGroup
Product-SHOUT
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-32301
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.04% / 12.56%
||
7 Day CHG~0.00%
Published-16 May, 2025 | 15:45
Updated-19 May, 2025 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CountDown Pro WP Plugin <= 2.7 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup CountDown Pro WP Plugin allows SQL Injection. This issue affects CountDown Pro WP Plugin: from n/a through 2.7.

Action-Not Available
Vendor-LambertGroup
Product-CountDown Pro WP Plugin
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-32306
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.04% / 12.56%
||
7 Day CHG~0.00%
Published-16 May, 2025 | 15:45
Updated-19 May, 2025 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Radio Player Shoutcast & Icecast WordPress Plugin <= 4.4.6 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Radio Player Shoutcast & Icecast WordPress Plugin allows Blind SQL Injection. This issue affects Radio Player Shoutcast & Icecast WordPress Plugin: from n/a through 4.4.6.

Action-Not Available
Vendor-LambertGroup
Product-Radio Player Shoutcast & Icecast WordPress Plugin
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-31928
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.04% / 12.56%
||
7 Day CHG~0.00%
Published-16 May, 2025 | 15:45
Updated-19 May, 2025 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Multimedia Responsive Carousel with Image Video Audio Support <= 2.6.0 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Multimedia Responsive Carousel with Image Video Audio Support allows SQL Injection. This issue affects Multimedia Responsive Carousel with Image Video Audio Support: from n/a through 2.6.0.

Action-Not Available
Vendor-LambertGroup
Product-Multimedia Responsive Carousel with Image Video Audio Support
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-32245
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.04% / 12.56%
||
7 Day CHG~0.00%
Published-16 May, 2025 | 15:45
Updated-19 May, 2025 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Apollo <= 3.6.3 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Apollo allows SQL Injection. This issue affects Apollo: from n/a through 3.6.3.

Action-Not Available
Vendor-LambertGroup
Product-Apollo
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-32650
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.06% / 17.68%
||
7 Day CHG~0.00%
Published-11 Apr, 2025 | 08:43
Updated-11 Apr, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Accessibility Suite by Ability, Inc plugin <= 4.18 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ability, Inc Accessibility Suite by Online ADA allows SQL Injection. This issue affects Accessibility Suite by Online ADA: from n/a through 4.18.

Action-Not Available
Vendor-Ability, Inc
Product-Accessibility Suite by Online ADA
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-32558
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.06% / 17.68%
||
7 Day CHG~0.00%
Published-11 Apr, 2025 | 08:42
Updated-11 Apr, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Duplicate Title Checker Plugin <= 1.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ketanajani Duplicate Title Checker allows Blind SQL Injection. This issue affects Duplicate Title Checker: from n/a through 1.2.

Action-Not Available
Vendor-ketanajani
Product-Duplicate Title Checker
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-31526
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.03% / 6.83%
||
7 Day CHG-0.03%
Published-31 Mar, 2025 | 12:55
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Behance Portfolio Manager plugin <= 1.7.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eleopard Behance Portfolio Manager allows SQL Injection. This issue affects Behance Portfolio Manager: from n/a through 1.7.4.

Action-Not Available
Vendor-eleopard
Product-Behance Portfolio Manager
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-30998
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.03% / 7.73%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 10:34
Updated-14 Aug, 2025 | 15:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Links Page <= 4.9.6 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rico Macchi WP Links Page allows SQL Injection. This issue affects WP Links Page: from n/a through 4.9.6.

Action-Not Available
Vendor-Rico Macchi
Product-WP Links Page
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-30979
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.04% / 10.09%
||
7 Day CHG~0.00%
Published-04 Jul, 2025 | 08:42
Updated-08 Jul, 2025 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pixelating image slideshow gallery plugin <= 8.0 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus Pixelating image slideshow gallery allows SQL Injection. This issue affects Pixelating image slideshow gallery: from n/a through 8.0.

Action-Not Available
Vendor-gopiplus
Product-Pixelating image slideshow gallery
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-28967
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.04% / 10.09%
||
7 Day CHG~0.00%
Published-04 Jul, 2025 | 08:42
Updated-08 Jul, 2025 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contact Us page - Contact people LITE plugin <= 3.7.4 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Steve Truman Contact Us page - Contact people LITE allows SQL Injection. This issue affects Contact Us page - Contact people LITE: from n/a through 3.7.4.

Action-Not Available
Vendor-Steve Truman
Product-Contact Us page - Contact people LITE
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-28969
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.04% / 10.09%
||
7 Day CHG~0.00%
Published-04 Jul, 2025 | 08:42
Updated-08 Jul, 2025 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Gallery Widget plugin <= 1.2.1 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in cybio Gallery Widget allows SQL Injection. This issue affects Gallery Widget: from n/a through 1.2.1.

Action-Not Available
Vendor-cybio
Product-Gallery Widget
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-27281
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.06% / 17.28%
||
7 Day CHG+0.01%
Published-15 Mar, 2025 | 21:57
Updated-17 Mar, 2025 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress All In Menu Plugin <= 1.1.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in cookforweb All In Menu allows Blind SQL Injection. This issue affects All In Menu: from n/a through 1.1.5.

Action-Not Available
Vendor-cookforweb
Product-All In Menu
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-26976
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.06% / 17.28%
||
7 Day CHG+0.01%
Published-15 Mar, 2025 | 21:57
Updated-18 Mar, 2025 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PrivateContent plugin <= 8.11.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aldo Latino PrivateContent. This issue affects PrivateContent: from n/a through 8.11.4.

Action-Not Available
Vendor-Aldo Latino
Product-PrivateContent
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-26978
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.04% / 12.10%
||
7 Day CHG+0.01%
Published-15 Mar, 2025 | 21:57
Updated-17 Mar, 2025 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FS Poster plugin <= 6.5.8 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound FS Poster. This issue affects FS Poster: from n/a through 6.5.8.

Action-Not Available
Vendor-NotFound
Product-FS Poster
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found