Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-32120

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-04 Apr, 2025 | 15:58
Updated At-04 Apr, 2025 | 20:20
Rejected At-
Credits

WordPress Easy Query – WP Query Builder <= 2.0.4 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Erick Danzer Easy Query – WP Query Builder allows Blind SQL Injection. This issue affects Easy Query – WP Query Builder: from n/a through 2.0.4.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:04 Apr, 2025 | 15:58
Updated At:04 Apr, 2025 | 20:20
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Easy Query – WP Query Builder <= 2.0.4 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Erick Danzer Easy Query – WP Query Builder allows Blind SQL Injection. This issue affects Easy Query – WP Query Builder: from n/a through 2.0.4.

Affected Products
Vendor
Erick Danzer
Product
Easy Query – WP Query Builder
Collection URL
https://wordpress.org/plugins
Package Name
easy-query
Default Status
unaffected
Versions
Affected
  • From n/a through 2.0.4 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-89CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Type: CWE
CWE ID: CWE-89
Description: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Metrics
VersionBase scoreBase severityVector
3.17.6HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
Version: 3.1
Base score: 7.6
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-7CAPEC-7 Blind SQL Injection
CAPEC ID: CAPEC-7
Description: CAPEC-7 Blind SQL Injection
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Le Ngoc Anh (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/wordpress/plugin/easy-query/vulnerability/wordpress-easy-query-wp-query-builder-2-0-4-sql-injection-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/wordpress/plugin/easy-query/vulnerability/wordpress-easy-query-wp-query-builder-2-0-4-sql-injection-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:04 Apr, 2025 | 16:15
Updated At:07 Apr, 2025 | 14:18

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Erick Danzer Easy Query – WP Query Builder allows Blind SQL Injection. This issue affects Easy Query – WP Query Builder: from n/a through 2.0.4.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.6HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
Type: Secondary
Version: 3.1
Base score: 7.6
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-89Primaryaudit@patchstack.com
CWE ID: CWE-89
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/wordpress/plugin/easy-query/vulnerability/wordpress-easy-query-wp-query-builder-2-0-4-sql-injection-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/wordpress/plugin/easy-query/vulnerability/wordpress-easy-query-wp-query-builder-2-0-4-sql-injection-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

182Records found
CVE-2025-54043
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.04% / 10.47%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 10:36
Updated-16 Jul, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SMTP for Amazon SES plugin <= 1.9 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce SMTP for Amazon SES allows SQL Injection. This issue affects SMTP for Amazon SES: from n/a through 1.9.

Action-Not Available
Vendor-YayCommerce
Product-SMTP for Amazon SES
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-53258
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.04% / 10.47%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-08 Jul, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hover Effects plugin <= 2.1.2 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wow-Company Hover Effects hover-effects allows SQL Injection.This issue affects Hover Effects: from n/a through 2.1.2.

Action-Not Available
Vendor-Wow-Company
Product-Hover Effects
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-53306
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.04% / 10.47%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Forum Server plugin <= 1.8.2 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in lucidcrew WP Forum Server allows SQL Injection. This issue affects WP Forum Server: from n/a through 1.8.2.

Action-Not Available
Vendor-lucidcrew
Product-WP Forum Server
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-53256
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.04% / 10.47%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-02 Jul, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress YaySMTP plugin <= 2.6.5 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YaySMTP allows SQL Injection.This issue affects YaySMTP: from n/a through 2.6.5.

Action-Not Available
Vendor-YayCommerce
Product-YaySMTP
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-49326
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.04% / 11.19%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-06 Jun, 2025 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GamiPress <= 7.4.5 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ruben Garcia GamiPress allows SQL Injection. This issue affects GamiPress: from n/a through 7.4.5.

Action-Not Available
Vendor-Ruben Garcia
Product-GamiPress
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-49854
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.04% / 11.19%
||
7 Day CHG~0.00%
Published-17 Jun, 2025 | 15:01
Updated-20 Jun, 2025 | 13:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Slim SEO plugin <= 4.5.4 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Anh Tran Slim SEO allows SQL Injection. This issue affects Slim SEO: from n/a through 4.5.4.

Action-Not Available
Vendor-Anh Tran
Product-Slim SEO
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-49421
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.04% / 11.19%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-06 Jun, 2025 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Text Expander <= 1.0.1 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Andrei Filonov WP Text Expander allows SQL Injection. This issue affects WP Text Expander: from n/a through 1.0.1.

Action-Not Available
Vendor-Andrei Filonov
Product-WP Text Expander
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-49315
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.04% / 11.19%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-06 Jun, 2025 | 19:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Persian Woocommerce SMS <= 7.0.10 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PersianScript Persian Woocommerce SMS allows SQL Injection. This issue affects Persian Woocommerce SMS: from n/a through 7.0.10.

Action-Not Available
Vendor-PersianScript
Product-Persian Woocommerce SMS
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-49327
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.04% / 11.19%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-06 Jun, 2025 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ShortLinks Pro <= 1.0.7 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ruben Garcia ShortLinks Pro allows SQL Injection. This issue affects ShortLinks Pro: from n/a through 1.0.7.

Action-Not Available
Vendor-Ruben Garcia
Product-ShortLinks Pro
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-49328
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.04% / 11.19%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-06 Jun, 2025 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Store Locator WordPress <= 1.5.1 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agile Logix Store Locator WordPress allows SQL Injection. This issue affects Store Locator WordPress: from n/a through 1.5.1.

Action-Not Available
Vendor-Agile Logix
Product-Store Locator WordPress
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-49263
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.04% / 11.19%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-06 Jun, 2025 | 16:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WC Vendors Marketplace <= 2.5.6 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WCVendors WC Vendors Marketplace allows Blind SQL Injection. This issue affects WC Vendors Marketplace: from n/a through 2.5.6.

Action-Not Available
Vendor-WCVendors
Product-WC Vendors Marketplace
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-47643
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.04% / 11.19%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ELEX Product Feed for WooCommerce <= 3.1.2 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ELEXtensions ELEX Product Feed for WooCommerce allows SQL Injection. This issue affects ELEX Product Feed for WooCommerce: from n/a through 3.1.2.

Action-Not Available
Vendor-ELEXtensions
Product-ELEX Product Feed for WooCommerce
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-48301
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.04% / 10.47%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 10:36
Updated-16 Jul, 2025 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SMTP for SendGrid – YaySMTP plugin <= 1.5 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce SMTP for SendGrid – YaySMTP allows SQL Injection. This issue affects SMTP for SendGrid – YaySMTP: from n/a through 1.5.

Action-Not Available
Vendor-YayCommerce
Product-SMTP for SendGrid – YaySMTP
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-48161
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.04% / 10.47%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 10:36
Updated-16 Jul, 2025 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress YaySMTP plugin <= 1.3 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YaySMTP allows SQL Injection. This issue affects YaySMTP: from n/a through 1.3.

Action-Not Available
Vendor-YayCommerce
Product-YaySMTP
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-48299
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.04% / 10.47%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 10:36
Updated-16 Jul, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress YayExtra plugin <= 1.5.5 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YayExtra allows SQL Injection. This issue affects YayExtra: from n/a through 1.5.5.

Action-Not Available
Vendor-YayCommerce
Product-YayExtra
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-47671
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.04% / 11.19%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 12:43
Updated-23 May, 2025 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Binary MLM Plan <= 3.0 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LETSCMS MLM Software Binary MLM Plan allows SQL Injection. This issue affects Binary MLM Plan: from n/a through 3.0.

Action-Not Available
Vendor-LETSCMS MLM Software
Product-Binary MLM Plan
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-49034
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.04% / 10.47%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 11:27
Updated-16 Jul, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Funnel Builder by FunnelKit plugin <= 3.10.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Funnel Builder by FunnelKit allows SQL Injection. This issue affects Funnel Builder by FunnelKit: from n/a through 3.10.2.

Action-Not Available
Vendor-FunnelKit
Product-Funnel Builder by FunnelKit
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-48280
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.04% / 11.19%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 14:45
Updated-21 May, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AutomatorWP <= 5.2.1.3 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ruben Garcia AutomatorWP allows Blind SQL Injection. This issue affects AutomatorWP: from n/a through 5.2.1.3.

Action-Not Available
Vendor-Ruben Garcia
Product-AutomatorWP
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-47460
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.04% / 11.19%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:19
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TrackShip for WooCommerce <= 1.9.1 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TrackShip TrackShip for WooCommerce allows SQL Injection. This issue affects TrackShip for WooCommerce: from n/a through 1.9.1.

Action-Not Available
Vendor-TrackShip
Product-TrackShip for WooCommerce
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-47538
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.04% / 11.69%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-09 Jun, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Cart tracking for WooCommerce <= 1.0.17 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdever Cart tracking for WooCommerce allows SQL Injection. This issue affects Cart tracking for WooCommerce: from n/a through 1.0.17.

Action-Not Available
Vendor-wpdeverwpdever
Product-cart_tracking_for_woocommerceCart tracking for WooCommerce
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-46242
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.04% / 12.24%
||
7 Day CHG+0.01%
Published-22 Apr, 2025 | 09:53
Updated-29 Apr, 2025 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Watu Quiz <= 3.4.3 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bob Watu Quiz allows SQL Injection. This issue affects Watu Quiz: from n/a through 3.4.3.

Action-Not Available
Vendor-kibokolabsBob
Product-watu_quizWatu Quiz
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-47544
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.04% / 11.69%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-06 Jun, 2025 | 21:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Dynamic Pricing With Discount Rules for WooCommerce <= 4.5.8 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in acowebs Dynamic Pricing With Discount Rules for WooCommerce allows Blind SQL Injection. This issue affects Dynamic Pricing With Discount Rules for WooCommerce: from n/a through 4.5.8.

Action-Not Available
Vendor-Acowebs (Acodez IT Solutions Pvt. Ltd.)
Product-dynamic_pricing_with_discount_rules_for_woocommerceDynamic Pricing With Discount Rules for WooCommerce
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-47567
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.04% / 11.19%
||
7 Day CHG~0.00%
Published-16 May, 2025 | 15:45
Updated-19 May, 2025 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Video Player & FullScreen Video Background plugin <= 2.4.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Video Player & FullScreen Video Background allows Blind SQL Injection. This issue affects Video Player & FullScreen Video Background: from n/a through 2.4.1.

Action-Not Available
Vendor-LambertGroup
Product-Video Player & FullScreen Video Background
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-47587
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.04% / 11.19%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress YaySMTP <= 2.6.4 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YaySMTP allows Blind SQL Injection. This issue affects YaySMTP: from n/a through 2.6.4.

Action-Not Available
Vendor-YayCommerce
Product-YaySMTP
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-47537
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.04% / 11.19%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PDF Invoices for WooCommerce + Drag and Drop Template Builder <= 5.3.8 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in add-ons.org PDF Invoices for WooCommerce + Drag and Drop Template Builder allows SQL Injection. This issue affects PDF Invoices for WooCommerce + Drag and Drop Template Builder: from n/a through 5.3.8.

Action-Not Available
Vendor-add-ons.org
Product-PDF Invoices for WooCommerce + Drag and Drop Template Builder
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-46252
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.05% / 16.78%
||
7 Day CHG+0.01%
Published-22 Apr, 2025 | 09:53
Updated-30 Apr, 2025 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Message Filter for Contact Form 7 plugin <= 1.6.3.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kofimokome Message Filter for Contact Form 7 allows SQL Injection. This issue affects Message Filter for Contact Form 7: from n/a through 1.6.3.2.

Action-Not Available
Vendor-kofimokomekofimokome
Product-message_filter_for_contact_form_7Message Filter for Contact Form 7
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-43833
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.04% / 11.19%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 17:29
Updated-21 May, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Absolute Links plugin <= 1.1.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Amir Helzer Absolute Links allows Blind SQL Injection.This issue affects Absolute Links: from n/a through 1.1.1.

Action-Not Available
Vendor-Amir Helzer
Product-Absolute Links
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-52132
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.14% / 34.56%
||
7 Day CHG~0.00%
Published-31 Dec, 2023 | 17:35
Updated-02 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Adminify Plugin <= 3.1.6 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jewel Theme WP Adminify.This issue affects WP Adminify: from n/a through 3.1.6.

Action-Not Available
Vendor-wpadminifyJewel Theme
Product-wp_adminifyWP Adminify
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-52131
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.14% / 34.56%
||
7 Day CHG~0.00%
Published-31 Dec, 2023 | 17:43
Updated-20 Nov, 2024 | 16:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Page Generator Plugin <= 1.7.1 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Zinc Page Generator.This issue affects Page Generator: from n/a through 1.7.1.

Action-Not Available
Vendor-wpzincWP Zinc
Product-page_generatorPage Generator
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-39518
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.05% / 16.16%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 12:45
Updated-16 Apr, 2025 | 13:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BMA Lite <= 1.4.2 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RedefiningTheWeb BMA Lite allows SQL Injection. This issue affects BMA Lite: from n/a through 1.4.2.

Action-Not Available
Vendor-RedefiningTheWeb
Product-BMA Lite
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-51547
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.14% / 34.56%
||
7 Day CHG~0.00%
Published-31 Dec, 2023 | 17:39
Updated-02 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Fluent Support Plugin <= 1.7.6 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPManageNinja LLC Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin.This issue affects Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin: from n/a through 1.7.6.

Action-Not Available
Vendor-wpmanageninjaWPManageNinja LLC
Product-fluent_supportFluent Support – WordPress Helpdesk and Customer Support Ticket Plugin
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-50844
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.29% / 52.07%
||
7 Day CHG~0.00%
Published-28 Dec, 2023 | 18:27
Updated-02 Aug, 2024 | 22:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Mail Catcher Plugin <= 2.1.3 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in James Ward Mail logging – WP Mail Catcher.This issue affects Mail logging – WP Mail Catcher: from n/a through 2.1.3.

Action-Not Available
Vendor-jameswardJames Ward
Product-wp_mail_catcherMail logging – WP Mail Catcher
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-50854
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.14% / 34.56%
||
7 Day CHG~0.00%
Published-28 Dec, 2023 | 11:21
Updated-02 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Squirrly SEO - Advanced Pack Plugin <= 2.3.8 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Squirrly Squirrly SEO - Advanced Pack.This issue affects Squirrly SEO - Advanced Pack: from n/a before 2.4.02.

Action-Not Available
Vendor-squirrlySquirrly
Product-seo_plugin_by_squirrly_seoSquirrly SEO - Advanced Pack
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-50857
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.14% / 34.56%
||
7 Day CHG~0.00%
Published-28 Dec, 2023 | 10:57
Updated-02 Aug, 2024 | 22:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Automation By Autonami Plugin <= 2.6.1 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit.This issue affects Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit: from n/a through 2.6.1.

Action-Not Available
Vendor-funnelkitFunnelKit
Product-funnelkit_automationsRecover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-50837
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.29% / 52.07%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 11:43
Updated-02 Aug, 2024 | 22:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Login Lockdown Plugin <= 2.06 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebFactory Ltd Login Lockdown – Protect Login Form.This issue affects Login Lockdown – Protect Login Form: from n/a through 2.06.

Action-Not Available
Vendor-webfactoryltdWebFactory Ltd
Product-wp_login_lockdownLogin Lockdown – Protect Login Form
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-50852
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.14% / 34.56%
||
7 Day CHG~0.00%
Published-28 Dec, 2023 | 11:30
Updated-02 Aug, 2024 | 22:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BookIt Plugin <= 2.4.3 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Booking Calendar | Appointment Booking | BookIt.This issue affects Booking Calendar | Appointment Booking | BookIt: from n/a through 2.4.3.

Action-Not Available
Vendor-stylemixthemesStylemixThemes
Product-bookitBooking Calendar | Appointment Booking | BookIt
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-50845
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.29% / 52.07%
||
7 Day CHG~0.00%
Published-28 Dec, 2023 | 18:23
Updated-17 Apr, 2025 | 20:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GeoDirectory Plugin <= 2.3.28 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AyeCode - WordPress Business Directory Plugins GeoDirectory – WordPress Business Directory Plugin, or Classified Directory.This issue affects GeoDirectory – WordPress Business Directory Plugin, or Classified Directory: from n/a through 2.3.28.

Action-Not Available
Vendor-ayecodeAyeCode - WordPress Business Directory Plugins
Product-geodirectoryGeoDirectory – WordPress Business Directory Plugin, or Classified Directory
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-50853
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.14% / 34.56%
||
7 Day CHG~0.00%
Published-28 Dec, 2023 | 11:25
Updated-02 Aug, 2024 | 22:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration Plugin <= 1.75.0 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nasirahmed Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms.This issue affects Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms: from n/a through 1.75.0.

Action-Not Available
Vendor-advancedformintegrationNasirahmed
Product-advanced_form_integrationAdvanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-39370
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.04% / 11.19%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 16:40
Updated-21 May, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress iCafe Library plugin <= 1.8.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cnilsson iCafe Library allows SQL Injection.This issue affects iCafe Library: from n/a through 1.8.3.

Action-Not Available
Vendor-Cnilsson
Product-iCafe Library
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-49161
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.14% / 34.56%
||
7 Day CHG~0.00%
Published-20 Dec, 2023 | 17:31
Updated-20 Nov, 2024 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Bravo Translate Plugin <= 1.2 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Guelben Bravo Translate.This issue affects Bravo Translate: from n/a through 1.2.

Action-Not Available
Vendor-guelbetechGuelben
Product-bravo_translateBravo Translate
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-48327
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.15% / 35.60%
||
7 Day CHG~0.00%
Published-19 Dec, 2023 | 20:50
Updated-06 May, 2025 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WC Vendors Marketplace Plugin <= 2.4.7 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WC Vendors WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors.This issue affects WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors: from n/a through 2.4.7.

Action-Not Available
Vendor-wcvendorsWC Vendors
Product-woocommerce_multi-vendor\,_woocommerce_marketplace\,_product_vendorsWC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-47506
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.13% / 33.00%
||
7 Day CHG~0.00%
Published-18 Dec, 2023 | 23:00
Updated-02 Aug, 2024 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Master Slider Pro Plugin <= 3.6.5 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Master slider Master Slider Pro allows SQL Injection.This issue affects Master Slider Pro: from n/a through 3.6.5.

Action-Not Available
Vendor-mastersliderMaster slider
Product-master_sliderMaster Slider Pro
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-30872
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.13% / 33.66%
||
7 Day CHG~0.00%
Published-20 Dec, 2023 | 17:03
Updated-06 May, 2025 | 18:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BSK Forms Blacklist Plugin <= 3.6.2 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BannerSky BSK Forms Blacklist.This issue affects BSK Forms Blacklist: from n/a through 3.6.2.

Action-Not Available
Vendor-BannerSky
Product-bsk_forms_blacklistBSK Forms Blacklist
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-32677
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.05% / 16.16%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 16:09
Updated-09 Apr, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Social Stream Designer plugin <= 1.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in solwininfotech WP Social Stream Designer allows Blind SQL Injection. This issue affects WP Social Stream Designer: from n/a through 1.3.

Action-Not Available
Vendor-solwininfotech
Product-WP Social Stream Designer
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-32685
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.05% / 16.16%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 16:09
Updated-09 Apr, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Inquiries <= 0.2.1 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aristo Rinjuang WP Inquiries allows SQL Injection. This issue affects WP Inquiries: from n/a through 0.2.1.

Action-Not Available
Vendor-Aristo Rinjuang
Product-WP Inquiries
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-32204
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.05% / 16.16%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:59
Updated-07 Apr, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Split Test For Elementor Plugin <= 1.8.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in rocketelements Split Test For Elementor allows SQL Injection. This issue affects Split Test For Elementor: from n/a through 1.8.2.

Action-Not Available
Vendor-rocketelements
Product-Split Test For Elementor
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-32127
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.05% / 16.16%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:58
Updated-07 Apr, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress onOffice for WP-Websites plugin <= 5.7 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in onOffice GmbH onOffice for WP-Websites allows SQL Injection. This issue affects onOffice for WP-Websites: from n/a through 5.7.

Action-Not Available
Vendor-onOffice GmbH
Product-onOffice for WP-Websites
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-31910
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.05% / 16.16%
||
7 Day CHG~0.00%
Published-01 Apr, 2025 | 14:52
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BookingPress Plugin <= 1.1.28 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reputeinfosystems BookingPress allows SQL Injection. This issue affects BookingPress: from n/a through 1.1.28.

Action-Not Available
Vendor-reputeinfosystems
Product-BookingPress
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-32124
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.05% / 16.16%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:58
Updated-07 Apr, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Behance Portfolio Manager plugin <=1.7.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eleopard Behance Portfolio Manager allows Blind SQL Injection. This issue affects Behance Portfolio Manager: from n/a through 1.7.4.

Action-Not Available
Vendor-eleopard
Product-Behance Portfolio Manager
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-32126
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.05% / 16.16%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:58
Updated-07 Apr, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pay with Contact Form 7 Plugin <= 1.0.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in cmsMinds Pay with Contact Form 7 allows SQL Injection. This issue affects Pay with Contact Form 7: from n/a through 1.0.4.

Action-Not Available
Vendor-cmsMinds
Product-Pay with Contact Form 7
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found