Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-23805

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-19 Feb, 2026 | 08:26
Updated At-24 Feb, 2026 | 19:21
Rejected At-
Credits

WordPress Media Search Enhanced plugin <= 0.9.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yoren Chang Media Search Enhanced media-search-enhanced allows SQL Injection.This issue affects Media Search Enhanced: from n/a through <= 0.9.1.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:19 Feb, 2026 | 08:26
Updated At:24 Feb, 2026 | 19:21
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Media Search Enhanced plugin <= 0.9.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yoren Chang Media Search Enhanced media-search-enhanced allows SQL Injection.This issue affects Media Search Enhanced: from n/a through <= 0.9.1.

Affected Products
Vendor
Yoren Chang
Product
Media Search Enhanced
Collection URL
https://wordpress.org/plugins
Package Name
media-search-enhanced
Default Status
unaffected
Versions
Affected
  • From n/a through <= 0.9.1 (custom)
    • -> unaffectedfrom0.9.2
Problem Types
TypeCWE IDDescription
CWECWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Type: CWE
CWE ID: CWE-89
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-66SQL Injection
CAPEC ID: CAPEC-66
Description: SQL Injection
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Nabil Irawan | Patchstack Bug Bounty Program
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/Wordpress/Plugin/media-search-enhanced/vulnerability/wordpress-media-search-enhanced-plugin-0-9-1-sql-injection-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/Wordpress/Plugin/media-search-enhanced/vulnerability/wordpress-media-search-enhanced-plugin-0-9-1-sql-injection-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.17.6HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
Version: 3.1
Base score: 7.6
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:19 Feb, 2026 | 09:16
Updated At:24 Feb, 2026 | 20:27

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yoren Chang Media Search Enhanced media-search-enhanced allows SQL Injection.This issue affects Media Search Enhanced: from n/a through <= 0.9.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.6HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
Type: Secondary
Version: 3.1
Base score: 7.6
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-89Secondaryaudit@patchstack.com
CWE ID: CWE-89
Type: Secondary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/Wordpress/Plugin/media-search-enhanced/vulnerability/wordpress-media-search-enhanced-plugin-0-9-1-sql-injection-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/Wordpress/Plugin/media-search-enhanced/vulnerability/wordpress-media-search-enhanced-plugin-0-9-1-sql-injection-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

197Records found
CVE-2025-26590
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.05% / 14.96%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-06 Jun, 2025 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Complete Google Seo Scan <= 3.5.1 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nir Complete Google Seo Scan allows SQL Injection. This issue affects Complete Google Seo Scan: from n/a through 3.5.1.

Action-Not Available
Vendor-Nir
Product-Complete Google Seo Scan
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-25112
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.12% / 30.91%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 13:30
Updated-03 Mar, 2025 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Social Links plugin <= 1.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Social Links allows Blind SQL Injection. This issue affects Social Links: from n/a through 1.2.

Action-Not Available
Vendor-NotFound
Product-Social Links
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-24663
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.12% / 30.91%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:24
Updated-24 Jan, 2025 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Download Monitor plugin <= 3.9.25 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tips and Tricks HQ, Ruhul Amin, Josh Lobe Simple Download Monitor allows Blind SQL Injection. This issue affects Simple Download Monitor: from n/a through 3.9.25.

Action-Not Available
Vendor-Tips and Tricks HQ, Ruhul Amin, Josh Lobe
Product-Simple Download Monitor
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-24659
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-3.94% / 88.12%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:24
Updated-24 Jan, 2025 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Premium Packages – Sell Digital Products Securely plugin <= 5.9.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WordPress Download Manager Premium Packages allows Blind SQL Injection. This issue affects Premium Packages: from n/a through 5.9.6.

Action-Not Available
Vendor-WordPress Download Manager Pro
Product-Premium Packages
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-23779
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.26% / 49.45%
||
7 Day CHG+0.06%
Published-16 Jan, 2025 | 20:06
Updated-17 Jan, 2025 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ResAds Plugin <= 2.0.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in web-mv.de ResAds allows SQL Injection.This issue affects ResAds: from n/a through 2.0.5.

Action-Not Available
Vendor-web-mv.de
Product-ResAds
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-22527
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.18% / 40.04%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 15:39
Updated-10 Jan, 2025 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mailing Group Listserv Plugin <= 2.0.9 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yamna Khawaja Mailing Group Listserv allows SQL Injection.This issue affects Mailing Group Listserv: from n/a through 2.0.9.

Action-Not Available
Vendor-Yamna Khawaja
Product-Mailing Group Listserv
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-22710
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-15.38% / 94.50%
||
7 Day CHG~0.00%
Published-21 Jan, 2025 | 13:57
Updated-06 Feb, 2025 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Smart Manager Plugin <= 8.52.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StoreApps Smart Manager allows Blind SQL Injection. This issue affects Smart Manager: from n/a through 8.52.0.

Action-Not Available
Vendor-StoreApps
Product-Smart Manager
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-22652
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.92% / 75.62%
||
7 Day CHG~0.00%
Published-27 Mar, 2025 | 15:04
Updated-27 Mar, 2025 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Payment Forms for Paystack plugin <= 4.0.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kendysond Payment Forms for Paystack allows SQL Injection.This issue affects Payment Forms for Paystack: from n/a through 4.0.1.

Action-Not Available
Vendor-kendysond
Product-Payment Forms for Paystack
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-22349
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.09% / 25.29%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 10:48
Updated-07 Jan, 2025 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WordPress Auction Plugin plugin <= 3.7 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Owen Cutajar & Hyder Jaffari WordPress Auction Plugin allows SQL Injection.This issue affects WordPress Auction Plugin: from n/a through 3.7.

Action-Not Available
Vendor-Owen Cutajar & Hyder Jaffari
Product-WordPress Auction Plugin
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-22536
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.06% / 17.64%
||
7 Day CHG-0.03%
Published-07 Jan, 2025 | 14:57
Updated-07 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Music Player Plugin <= 1.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hiren Patel WP Music Player allows SQL Injection.This issue affects WP Music Player: from n/a through 1.3.

Action-Not Available
Vendor-Hiren Patel
Product-WP Music Player
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-22351
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.09% / 25.55%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 10:48
Updated-07 Jan, 2025 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contact Form 7 Database – CFDB7 plugin <= 1.0.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PenguinArts Contact Form 7 Database – CFDB7 allows SQL Injection.This issue affects Contact Form 7 Database – CFDB7: from n/a through 1.0.0.

Action-Not Available
Vendor-PenguinArts
Product-Contact Form 7 Database – CFDB7
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-28136
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.03% / 7.40%
||
7 Day CHG~0.00%
Published-26 Feb, 2026 | 08:33
Updated-27 Feb, 2026 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP SMS plugin <= 6.9.12 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VeronaLabs WP SMS wp-sms allows SQL Injection.This issue affects WP SMS: from n/a through <= 6.9.12.

Action-Not Available
Vendor-VeronaLabs
Product-WP SMS
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-25378
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.04% / 10.42%
||
7 Day CHG+0.01%
Published-19 Feb, 2026 | 08:27
Updated-19 Feb, 2026 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Nelio AB Testing plugin <= 8.2.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Blind SQL Injection.This issue affects Nelio AB Testing: from n/a through <= 8.2.4.

Action-Not Available
Vendor-Nelio Software
Product-Nelio AB Testing
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-25418
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.04% / 10.42%
||
7 Day CHG+0.01%
Published-19 Feb, 2026 | 08:27
Updated-19 Feb, 2026 | 19:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Bit Form plugin <= 2.21.10 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bitpressadmin Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through <= 2.21.10.

Action-Not Available
Vendor-bitpressadmin
Product-Bit Form
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-22470
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.04% / 11.62%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-27 Jan, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FireStorm Professional Real Estate plugin <= 2.7.11 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FireStorm Plugins FireStorm Professional Real Estate fs-real-estate-plugin allows Blind SQL Injection.This issue affects FireStorm Professional Real Estate: from n/a through <= 2.7.11.

Action-Not Available
Vendor-FireStorm Plugins
Product-FireStorm Professional Real Estate
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-38519
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.14% / 34.01%
||
7 Day CHG~0.00%
Published-20 Dec, 2023 | 13:48
Updated-02 Aug, 2024 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MainWP Plugin <= 4.4.3.3 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MainWP MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance.This issue affects MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance: from n/a through 4.4.3.3.

Action-Not Available
Vendor-mainwpMainWP
Product-mainwp_dashboardMainWP Dashboard – WordPress Manager for Multiple Websites Maintenance
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-64293
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.04% / 12.23%
||
7 Day CHG~0.00%
Published-12 Nov, 2025 | 15:52
Updated-20 Jan, 2026 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress 0 Day Analytics plugin <= 4.0.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Golemiq 0 Day Analytics allows SQL Injection.This issue affects 0 Day Analytics: from n/a through 4.0.0.

Action-Not Available
Vendor-Golemiq
Product-0 Day Analytics
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-55990
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.11% / 29.90%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mollie for Contact Form 7 plugin <= 5.0.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ewald Harmsen Mollie for Contact Form 7 allows Blind SQL Injection.This issue affects Mollie for Contact Form 7: from n/a through 5.0.0.

Action-Not Available
Vendor-Ewald Harmsen
Product-Mollie for Contact Form 7
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-56053
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.27% / 50.29%
||
7 Day CHG~0.00%
Published-18 Dec, 2024 | 18:58
Updated-12 Dec, 2025 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPLMS plugin < 1.9.9.5.3 - Instructor+ SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS allows SQL Injection.This issue affects WPLMS: from n/a before 1.9.9.5.3.

Action-Not Available
Vendor-vibethemesVibeThemes
Product-wordpress_learning_management_systemWPLMS
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-56250
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.18% / 39.43%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:01
Updated-02 Jan, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Just Writing Statistics plugin <= 4.7 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GregRoss Just Writing Statistics allows SQL Injection.This issue affects Just Writing Statistics: from n/a through 4.7.

Action-Not Available
Vendor-GregRoss
Product-Just Writing Statistics
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-53783
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-30 Nov, 2024 | 21:03
Updated-01 Dec, 2024 | 23:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ni WooCommerce Cost Of Goods plugin <= 3.2.8 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Anzia Ni WooCommerce Cost Of Goods allows SQL Injection.This issue affects Ni WooCommerce Cost Of Goods: from n/a through 3.2.8.

Action-Not Available
Vendor-Anzia
Product-Ni WooCommerce Cost Of Goods
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-68550
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.04% / 11.62%
||
7 Day CHG~0.00%
Published-23 Dec, 2025 | 11:47
Updated-20 Jan, 2026 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPBulky plugin <= 1.1.13 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VillaTheme WPBulky allows Blind SQL Injection.This issue affects WPBulky: from n/a through 1.1.13.

Action-Not Available
Vendor-VillaTheme
Product-WPBulky
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-68561
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.04% / 11.62%
||
7 Day CHG~0.00%
Published-23 Dec, 2025 | 11:34
Updated-20 Jan, 2026 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AutomatorWP plugin <= 5.2.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ruben Garcia AutomatorWP allows SQL Injection.This issue affects AutomatorWP: from n/a through 5.2.4.

Action-Not Available
Vendor-Ruben Garcia
Product-AutomatorWP
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-52435
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.29% / 52.16%
||
7 Day CHG~0.00%
Published-18 Nov, 2024 | 14:36
Updated-20 Nov, 2024 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Premium Packages – Sell Digital Products Securely plugin <= 5.9.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in W3 Eden, Inc. Premium Packages allows SQL Injection.This issue affects Premium Packages: from n/a through 5.9.3.

Action-Not Available
Vendor-WordPress Download Manager ProW3 Eden, Inc.
Product-premium_packages_-_sell_digital_products_securelyPremium Packages
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-52436
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.21% / 43.82%
||
7 Day CHG-0.08%
Published-18 Nov, 2024 | 14:30
Updated-20 Nov, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Post SMTP plugin <= 2.9.9 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Post SMTP allows Blind SQL Injection.This issue affects Post SMTP: from n/a through 2.9.9.

Action-Not Available
Vendor-wpexpertsPost SMTP
Product-post_smtpPost SMTP
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-49299
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.22% / 45.06%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 17:27
Updated-18 Oct, 2024 | 12:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Surfer plugin <= 1.5.0.502 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Surfer allows SQL Injection.This issue affects Surfer: from n/a through 1.5.0.502.

Action-Not Available
Vendor-Surfer
Product-Surfer
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-48043
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.27% / 50.34%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 12:08
Updated-18 Oct, 2024 | 12:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ShortPixel Image Optimizer plugin <= 5.6.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ShortPixel ShortPixel Image Optimizer allows Blind SQL Injection.This issue affects ShortPixel Image Optimizer: from n/a through 5.6.3.

Action-Not Available
Vendor-ShortPixelshortpixel
Product-ShortPixel Image Optimizershortpixel_image_optimizer
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-43969
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.55% / 67.55%
||
7 Day CHG~0.00%
Published-17 Sep, 2024 | 22:33
Updated-20 Sep, 2024 | 12:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Spiffy Calendar plugin <= 4.9.12 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.12.

Action-Not Available
Vendor-Spiffy Plugins
Product-Spiffy Calendar
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-43966
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.27% / 50.38%
||
7 Day CHG~0.00%
Published-26 Aug, 2024 | 15:07
Updated-08 Nov, 2024 | 08:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Testimonial Widget plugin <= 3.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stark Digital WP Testimonial Widget.This issue affects WP Testimonial Widget: from n/a through 3.1.

Action-Not Available
Vendor-starkdigitalStark Digital
Product-wp_testimonial_widgetWP Testimonial Widget
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-43282
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.38% / 59.03%
||
7 Day CHG~0.00%
Published-18 Aug, 2024 | 21:39
Updated-22 Jan, 2025 | 21:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tutor LMS plugin <= 2.7.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.2.

Action-Not Available
Vendor-Themeum
Product-tutor_lmsTutor LMS
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-39658
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.75% / 72.92%
||
7 Day CHG~0.00%
Published-29 Aug, 2024 | 14:42
Updated-13 Sep, 2024 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Salon Booking System plugin <= 10.7 - Authenticated SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Salon Booking System Salon booking system allows SQL Injection.This issue affects Salon booking system: from n/a through 10.7.

Action-Not Available
Vendor-salonbookingsystemSalon Booking System
Product-salon_booking_systemSalon booking system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-59008
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.03% / 8.90%
||
7 Day CHG~0.00%
Published-09 Sep, 2025 | 16:25
Updated-11 Sep, 2025 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ZIP Code Based Content Protection plugin <= 1.0.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PressTigers ZIP Code Based Content Protection allows SQL Injection. This issue affects ZIP Code Based Content Protection: from n/a through 1.0.0.

Action-Not Available
Vendor-PressTigers
Product-ZIP Code Based Content Protection
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-38788
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-3.32% / 87.05%
||
7 Day CHG~0.00%
Published-22 Jul, 2024 | 10:06
Updated-02 Aug, 2024 | 04:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress UiPress lite plugin <= 3.4.06 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bởi Admin 2020 UiPress lite allows SQL Injection.This issue affects UiPress lite: from n/a through 3.4.06.

Action-Not Available
Vendor-uipressBởi Admin 2020
Product-uipress_liteUiPress lite
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-59570
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.03% / 7.22%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 18:25
Updated-23 Sep, 2025 | 13:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mail Mint Plugin <= 1.18.6 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFunnels Mail Mint allows SQL Injection. This issue affects Mail Mint: from n/a through 1.18.6.

Action-Not Available
Vendor-WPFunnels
Product-Mail Mint
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-37256
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.19% / 40.69%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 09:02
Updated-02 Aug, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tutor LMS plugin <= 2.7.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.1.

Action-Not Available
Vendor-Themeum
Product-tutor_lmsTutor LMS
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-37486
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.43% / 62.32%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 09:01
Updated-02 Aug, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Paid Memberships Pro plugin <= 3.0.5 - Authenticated SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 3.0.5.

Action-Not Available
Vendor-strangerstudiosPaid Memberships Pro
Product-paid_memberships_proPaid Memberships Pro
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-58789
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.03% / 8.90%
||
7 Day CHG~0.00%
Published-05 Sep, 2025 | 13:44
Updated-08 Sep, 2025 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Full Stripe Free Plugin <= 8.3.0 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle WP Full Stripe Free allows SQL Injection. This issue affects WP Full Stripe Free: from n/a through 8.3.0.

Action-Not Available
Vendor-Themeisle
Product-WP Full Stripe Free
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-59129
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.04% / 11.62%
||
7 Day CHG~0.00%
Published-30 Dec, 2025 | 16:51
Updated-20 Jan, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Appointify plugin <= 1.0.8 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Appointify allows Blind SQL Injection.This issue affects Appointify: from n/a through 1.0.8.

Action-Not Available
Vendor-Appointify
Product-Appointify
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-58788
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.03% / 8.90%
||
7 Day CHG~0.00%
Published-05 Sep, 2025 | 13:44
Updated-08 Sep, 2025 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress License Manager for WooCommerce Plugin <= 3.0.12 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saad Iqbal License Manager for WooCommerce allows Blind SQL Injection. This issue affects License Manager for WooCommerce: from n/a through 3.0.12.

Action-Not Available
Vendor-Saad Iqbal
Product-License Manager for WooCommerce
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-34386
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.22% / 45.06%
||
7 Day CHG~0.00%
Published-06 May, 2024 | 18:15
Updated-02 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Auto Affiliate Links plugin <= 6.4.3.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lucian Apostol Auto Affiliate Links.This issue affects Auto Affiliate Links: from n/a through 6.4.3.1.

Action-Not Available
Vendor-Lucian Apostol
Product-Auto Affiliate Links
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-35630
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.29% / 52.11%
||
7 Day CHG~0.00%
Published-03 Jun, 2024 | 10:27
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP TripAdvisor Review Slider plugin <= 12.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LJ Apps WP TripAdvisor Review Slider allows Blind SQL Injection.This issue affects WP TripAdvisor Review Slider: from n/a through 12.6.

Action-Not Available
Vendor-LJ Appsljapps
Product-WP TripAdvisor Review Sliderwp_tripadvisor_review_slider
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-49263
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.05% / 14.96%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-06 Jun, 2025 | 16:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WC Vendors Marketplace <= 2.5.6 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WCVendors WC Vendors Marketplace allows Blind SQL Injection. This issue affects WC Vendors Marketplace: from n/a through 2.5.6.

Action-Not Available
Vendor-WCVendors
Product-WC Vendors Marketplace
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-58993
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.03% / 8.90%
||
7 Day CHG~0.00%
Published-09 Sep, 2025 | 16:33
Updated-11 Sep, 2025 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tutor LMS Plugin <= 3.7.4 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection. This issue affects Tutor LMS: from n/a through 3.7.4.

Action-Not Available
Vendor-Themeum
Product-Tutor LMS
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-34168
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.13% / 32.29%
||
7 Day CHG~0.00%
Published-18 Dec, 2023 | 22:36
Updated-24 Sep, 2024 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Report Post Plugin <= 2.1.2 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alex Raven WP Report Post allows SQL Injection.This issue affects WP Report Post: from n/a through 2.1.2.

Action-Not Available
Vendor-Alex Raven (Esiteq)
Product-wp_report_postWP Report Post
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-32743
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.13% / 32.95%
||
7 Day CHG~0.00%
Published-20 Dec, 2023 | 15:55
Updated-02 Aug, 2024 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AutomateWoo Plugin <= 5.7.1 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce AutomateWoo.This issue affects AutomateWoo: from n/a through 5.7.1.

Action-Not Available
Vendor-WooCommerce
Product-automatewooAutomateWoo
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-58604
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.03% / 8.90%
||
7 Day CHG~0.00%
Published-03 Sep, 2025 | 14:36
Updated-04 Sep, 2025 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mail Mint Plugin <= 1.18.5 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFunnels Mail Mint allows SQL Injection. This issue affects Mail Mint: from n/a through 1.18.5.

Action-Not Available
Vendor-WPFunnels
Product-Mail Mint
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-30872
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.13% / 32.95%
||
7 Day CHG~0.00%
Published-20 Dec, 2023 | 17:03
Updated-06 May, 2025 | 18:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BSK Forms Blacklist Plugin <= 3.6.2 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BannerSky BSK Forms Blacklist.This issue affects BSK Forms Blacklist: from n/a through 3.6.2.

Action-Not Available
Vendor-BannerSky
Product-bsk_forms_blacklistBSK Forms Blacklist
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-29095
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.18% / 39.46%
||
7 Day CHG~0.00%
Published-10 Jul, 2023 | 13:08
Updated-17 Oct, 2024 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RSVPMarker Plugin < 10.5.5 is vulnerable to SQL Injection

Auth. (admin+) SQL Injection (SQLi) vulnerability in David F. Carr RSVPMaker plugin < 10.5.5 versions.

Action-Not Available
Vendor-carrcommunicationsDavid F. Carr
Product-rsvpmakerRSVPMaker
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-54043
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.03% / 9.77%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 10:36
Updated-16 Jul, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SMTP for Amazon SES plugin <= 1.9 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce SMTP for Amazon SES allows SQL Injection. This issue affects SMTP for Amazon SES: from n/a through 1.9.

Action-Not Available
Vendor-YayCommerce
Product-SMTP for Amazon SES
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-22507
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.05% / 15.91%
||
7 Day CHG+0.02%
Published-07 Jan, 2025 | 14:57
Updated-07 Jan, 2025 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPMU Prefill Post Plugin <= 1.02 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Benjamin Santalucia (ben@woow-fr.com) WPMU Prefill Post allows SQL Injection.This issue affects WPMU Prefill Post: from n/a through 1.02.

Action-Not Available
Vendor-Benjamin Santalucia (ben@woow-fr.com)
Product-WPMU Prefill Post
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found