Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-57644

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-26 Jun, 2026 | 14:53
Updated At-26 Jun, 2026 | 16:37
Rejected At-
Credits

WordPress Restaurant Menu by MotoPress plugin <= 2.4.10 - SQL Injection vulnerability

Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:26 Jun, 2026 | 14:53
Updated At:26 Jun, 2026 | 16:37
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Restaurant Menu by MotoPress plugin <= 2.4.10 - SQL Injection vulnerability

Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions.

Affected Products
Vendor
jetmonsters
Product
Restaurant Menu by MotoPress
Collection URL
https://wordpress.org/plugins
Package Name
mp-restaurant-menu
Default Status
unaffected
Versions
Affected
  • From n/a through 2.4.10 (custom)
    • -> unaffectedfrom2.4.11
Problem Types
TypeCWE IDDescription
CWECWE-89CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Type: CWE
CWE ID: CWE-89
Description: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Metrics
VersionBase scoreBase severityVector
3.18.5HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Version: 3.1
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-66CAPEC-66 SQL Injection
CAPEC ID: CAPEC-66
Description: CAPEC-66 SQL Injection
Solutions

Update the WordPress Restaurant Menu by MotoPress Plugin to the latest available version (at least 2.4.11).

Configurations

Workarounds

Exploits

Credits

finder
Baikuya | Patchstack Bug Bounty Program
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://patchstack.com/database/wordpress/plugin/mp-restaurant-menu/vulnerability/wordpress-restaurant-menu-by-motopress-plugin-2-4-10-sql-injection-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/wordpress/plugin/mp-restaurant-menu/vulnerability/wordpress-restaurant-menu-by-motopress-plugin-2-4-10-sql-injection-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:26 Jun, 2026 | 15:16
Updated At:26 Jun, 2026 | 17:16

Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.5HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
N/A
Type: Secondary
Version: 3.1
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-89Secondaryaudit@patchstack.com
CWE ID: CWE-89
Type: Secondary
Source: audit@patchstack.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://patchstack.com/database/wordpress/plugin/mp-restaurant-menu/vulnerability/wordpress-restaurant-menu-by-motopress-plugin-2-4-10-sql-injection-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/wordpress/plugin/mp-restaurant-menu/vulnerability/wordpress-restaurant-menu-by-motopress-plugin-2-4-10-sql-injection-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

352Records found

CVE-2026-13454
Matching Score-6
Assigner-Wordfence
ShareView Details
Matching Score-6
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.36% / 28.10%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 08:30
Updated-01 Jul, 2026 | 13:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MotoPress Appointment Booking <= 2.4.5 - Authenticated (Staff+) SQL Injection via 's' Parameter

The MotoPress Appointment Booking plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 2.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with custom-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Exploitation requires the mpa_appointment_employee custom role, meaning any user assigned this role can perform the attack.

Action-Not Available
Vendor-jetmonsters
Product-MotoPress Appointment Booking
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3342
Matching Score-6
Assigner-Wordfence
ShareView Details
Matching Score-6
Assigner-Wordfence
CVSS Score-9.9||CRITICAL
EPSS-0.56% / 42.50%
||
7 Day CHG~0.00%
Published-27 Apr, 2024 | 08:37
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Timetable and Event Schedule by MotoPress <= 2.4.11 - Authenticated (Contributor+) SQL Injection

The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to SQL Injection via the 'events' attribute of the 'mp-timetable' shortcode in all versions up to, and including, 2.4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Action-Not Available
Vendor-jetmonsters
Product-Timetable and Event Schedule by MotoPress
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45074
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.55% / 41.92%
||
7 Day CHG~0.00%
Published-06 Nov, 2023 | 08:35
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Page Visit Counter Plugin <= 7.1.1 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Page Visit Counter Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress allows SQL Injection.This issue affects Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress: from n/a through 7.1.1.

Action-Not Available
Vendor-pagevisitcounterPage Visit Counter
Product-advanced_page_visit_counterAdvanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45055
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.55% / 41.92%
||
7 Day CHG~0.00%
Published-06 Nov, 2023 | 08:30
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MStore API Plugin <= 4.0.6 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InspireUI MStore API allows SQL Injection.This issue affects MStore API: from n/a through 4.0.6.

Action-Not Available
Vendor-inspireuiInspireUIinspireui
Product-mstore_apiMStore APImstore_api
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-57756
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-Not Assigned
Published-02 Jul, 2026 | 11:15
Updated-02 Jul, 2026 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress nicen-localize-image plugin <= 1.4.9 - SQL Injection vulnerability

Contributor SQL Injection in nicen-localize-image <= 1.4.9 versions.

Action-Not Available
Vendor-友人a丶
Product-nicen-localize-image
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-69094
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-Not Assigned
Published-02 Jul, 2026 | 11:14
Updated-02 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Unicamp theme <= 2.2.2 - SQL Injection vulnerability

Subscriber SQL Injection in Unicamp <= 2.2.2 versions.

Action-Not Available
Vendor-ThemeMove
Product-Unicamp
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-57653
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.21% / 11.39%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 14:53
Updated-26 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Job Portal plugin <= 2.5.2 - SQL Injection vulnerability

Contributor SQL Injection in WP Job Portal <= 2.5.2 versions.

Action-Not Available
Vendor-WP Job Portal
Product-WP Job Portal
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-56064
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.28% / 19.55%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 14:52
Updated-26 Jun, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tourfic plugin <= 2.22.5 - SQL Injection vulnerability

Subscriber SQL Injection in Tourfic <= 2.22.5 versions.

Action-Not Available
Vendor-Themefic
Product-Tourfic
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-57667
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.21% / 11.39%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 14:53
Updated-29 Jun, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Groundhogg plugin <= 4.5 - SQL Injection vulnerability

Sales Representative SQL Injection in Groundhogg <= 4.5 versions.

Action-Not Available
Vendor-FormLift - Adrian Tobey (Groundhogg Inc.)
Product-Groundhogg
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-57662
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.21% / 11.39%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 14:53
Updated-26 Jun, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contest Gallery plugin <= 30.0.0 - SQL Injection vulnerability

Contributor SQL Injection in Contest Gallery <= 30.0.0 versions.

Action-Not Available
Vendor-Wasiliy Strecker
Product-Contest Gallery
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-56012
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.21% / 11.39%
||
7 Day CHG~0.00%
Published-18 Jun, 2026 | 14:02
Updated-18 Jun, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Media LIbrary Assistant plugin <= 3.35 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media LIbrary Assistant allows Blind SQL Injection. This issue affects Media LIbrary Assistant: from n/a through 3.35.

Action-Not Available
Vendor-David Lingren
Product-Media LIbrary Assistant
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-57663
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.21% / 11.39%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 14:53
Updated-26 Jun, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Recipe Maker For Your Food Blog from Zip Recipes plugin <= 8.2.7 - SQL Injection vulnerability

Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes <= 8.2.7 versions.

Action-Not Available
Vendor-Igor Benic
Product-Recipe Maker For Your Food Blog from Zip Recipes
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-57643
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.21% / 11.38%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 14:53
Updated-26 Jun, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Post Author plugin <= 3.9.1 - SQL Injection vulnerability

Contributor SQL Injection in WP Post Author <= 3.9.1 versions.

Action-Not Available
Vendor-AF themes
Product-WP Post Author
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-54185
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.34% / 26.20%
||
7 Day CHG~0.00%
Published-17 Jun, 2026 | 09:51
Updated-17 Jun, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Cornerstone plugin < 7.8.8 - SQL Injection vulnerability

Subscriber SQL Injection in Cornerstone < 7.8.8 versions.

Action-Not Available
Vendor-THEMECO
Product-Cornerstone
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-57687
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-Not Assigned
Published-02 Jul, 2026 | 11:15
Updated-02 Jul, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Custom Field Template plugin <= 2.7.8 - SQL Injection vulnerability

Contributor SQL Injection in Custom Field Template <= 2.7.8 versions.

Action-Not Available
Vendor-Hiroaki Miyashita
Product-Custom Field Template
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-52700
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.37% / 28.94%
||
7 Day CHG+0.03%
Published-15 Jun, 2026 | 20:19
Updated-16 Jun, 2026 | 01:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WCMultiShipping plugin <= 3.0.2 - SQL Injection vulnerability

Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions.

Action-Not Available
Vendor-WcMultishipping – Mondial Relay & Chronopost for Wooommerce
Product-WCMultiShipping
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-52697
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.34% / 25.87%
||
7 Day CHG~0.00%
Published-15 Jun, 2026 | 20:19
Updated-16 Jun, 2026 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Taskbuilder plugin <= 5.0.7 - SQL Injection vulnerability

Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions.

Action-Not Available
Vendor-Taskbuilder
Product-Taskbuilder
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-57752
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-Not Assigned
Published-02 Jul, 2026 | 11:15
Updated-02 Jul, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress iNET Webkit plugin 1.2.4 - SQL Injection vulnerability

Contributor SQL Injection in iNET Webkit 1.2.4 versions.

Action-Not Available
Vendor-iNET
Product-iNET Webkit
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-57765
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-Not Assigned
Published-02 Jul, 2026 | 11:16
Updated-02 Jul, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP EasyCart plugin <= 5.9.0 - SQL Injection vulnerability

Contributor SQL Injection in WP EasyCart <= 5.9.0 versions.

Action-Not Available
Vendor-Levelfourdevelopment
Product-WP EasyCart
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45001
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.55% / 42.18%
||
7 Day CHG~0.00%
Published-06 Nov, 2023 | 08:20
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Seriously Simple Stats Plugin <= 1.5.0 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Castos Seriously Simple Stats allows SQL Injection.This issue affects Seriously Simple Stats: from n/a through 1.5.0.

Action-Not Available
Vendor-castosCastoscastos
Product-seriously_simple_statsSeriously Simple Statsseriously_simple_stats
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-49489
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.4||HIGH
EPSS-0.26% / 17.69%
||
7 Day CHG~0.00%
Published-31 May, 2026 | 12:04
Updated-01 Jun, 2026 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenCATS - SQL Injection in DataGrid sortDirection Parameter

OpenCATS through 0.9.7.4 contains a sql injection vulnerability in the sortDirection parameter of the DataGrid component that allows authenticated users to extract database contents. Attackers can inject malicious SQL via the sortDirection parameter in ajax/getDataGridPager.php to perform time-based blind injection attacks and read sensitive data.

Action-Not Available
Vendor-OpenCATS
Product-OpenCATS
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-48837
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.37% / 29.27%
||
7 Day CHG~0.00%
Published-25 May, 2026 | 22:05
Updated-26 May, 2026 | 10:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Unlimited Elements For Elementor plugin <= 2.0.8 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Unlimited Elements For Elementor allows Blind SQL Injection. This issue affects Unlimited Elements For Elementor: from n/a through 2.0.8.

Action-Not Available
Vendor-Unlimited Elements
Product-Unlimited Elements For Elementor
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-49046
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.30% / 22.04%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 14:49
Updated-28 May, 2026 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Duplicate Page and Post plugin <= 2.9.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arjun Thakur Duplicate Page and Post allows Blind SQL Injection. This issue affects Duplicate Page and Post: from n/a through 2.9.5.

Action-Not Available
Vendor-Arjun Thakur
Product-Duplicate Page and Post
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-49073
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.21% / 10.59%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 21:23
Updated-17 Jun, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Directorist Booking plugin <= 3.0.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpWax Directorist Booking allows Blind SQL Injection. This issue affects Directorist Booking: from n/a through 3.0.3.

Action-Not Available
Vendor-wpWax
Product-Directorist Booking
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-48882
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.33% / 25.13%
||
7 Day CHG~0.00%
Published-15 Jun, 2026 | 20:19
Updated-16 Jun, 2026 | 01:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Time Slots Booking Form plugin <= 1.2.50 - SQL Injection vulnerability

Subscriber SQL Injection in WP Time Slots Booking Form <= 1.2.50 versions.

Action-Not Available
Vendor-CodePeople
Product-WP Time Slots Booking Form
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-48964
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.33% / 25.13%
||
7 Day CHG~0.00%
Published-15 Jun, 2026 | 20:19
Updated-16 Jun, 2026 | 01:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.6 - SQL Injection vulnerability

Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions.

Action-Not Available
Vendor-ELEXtensions
Product-ELEX WordPress HelpDesk & Customer Ticketing System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-48874
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.33% / 25.12%
||
7 Day CHG~0.00%
Published-15 Jun, 2026 | 20:18
Updated-15 Jun, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GamiPress plugin <= 7.8.7 - SQL Injection vulnerability

Subscriber SQL Injection in GamiPress <= 7.8.7 versions.

Action-Not Available
Vendor-Ruben Garcia
Product-GamiPress
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-39586
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.27% / 19.30%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:46
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ProfileGrid plugin <= 5.9.4.8 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows SQL Injection.This issue affects ProfileGrid : from n/a through <= 5.9.4.8.

Action-Not Available
Vendor-Metagauss Inc.
Product-ProfileGrid
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-39403
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.27% / 19.30%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 19:10
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPAMS plugin <= 44.0 (17-08-2023) - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPAMS apartment-management allows SQL Injection.This issue affects WPAMS: from n/a through <= 44.0 (17-08-2023).

Action-Not Available
Vendor-mojoomla
Product-WPAMS
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-39569
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.27% / 19.30%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:46
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Taskbuilder plugin <= 4.0.1 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in taskbuilder Taskbuilder taskbuilder allows Blind SQL Injection.This issue affects Taskbuilder: from n/a through <= 4.0.1.

Action-Not Available
Vendor-taskbuilder
Product-Taskbuilder
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-39510
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.25% / 16.73%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 10:34
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pinterest Automatic Pin plugin < 4.19.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Pinterest Automatic Pin wp-pinterest-automatic allows SQL Injection.This issue affects Pinterest Automatic Pin: from n/a through < 4.19.0.

Action-Not Available
Vendor-ValvePress
Product-Pinterest Automatic Pin
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-39357
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.27% / 18.32%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 19:43
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hospital Management System plugin <= 47.0(20-11-2023) - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla Hospital Management System hospital-management allows SQL Injection.This issue affects Hospital Management System: from n/a through <= 47.0(20-11-2023).

Action-Not Available
Vendor-mojoomla
Product-Hospital Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-39355
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.27% / 18.33%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 19:46
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FAT Services Booking plugin <= 5.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in roninwp FAT Services Booking fat-services-booking allows SQL Injection.This issue affects FAT Services Booking: from n/a through <= 5.6.

Action-Not Available
Vendor-roninwp
Product-FAT Services Booking
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-39486
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.25% / 15.76%
||
7 Day CHG~0.00%
Published-17 Jun, 2025 | 15:01
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Rankie plugin < 1.8.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Rankie valvepress-rankie allows SQL Injection.This issue affects Rankie: from n/a through < 1.8.2.

Action-Not Available
Vendor-ValvePress
Product-Rankie
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-57636
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.21% / 11.39%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 14:53
Updated-26 Jun, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress wpForo Forum plugin <= 3.0.9 - SQL Injection vulnerability

Contributor SQL Injection in wpForo Forum <= 3.0.9 versions.

Action-Not Available
Vendor-Tomdever
Product-wpForo Forum
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-57642
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.21% / 11.38%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 14:53
Updated-29 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Gallery plugin <= 4.7.8 - SQL Injection vulnerability

Contributor SQL Injection in Gallery <= 4.7.8 versions.

Action-Not Available
Vendor-BestWebSoft
Product-Gallery
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-54838
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.27% / 18.56%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 13:12
Updated-25 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WC Vendors Marketplace plugin <= 2.6.8 - SQL Injection vulnerability

Subscriber SQL Injection in WC Vendors Marketplace <= 2.6.8 versions.

Action-Not Available
Vendor-Rymera Web Co
Product-WC Vendors Marketplace
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-54813
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.21% / 11.39%
||
7 Day CHG~0.00%
Published-17 Jun, 2026 | 13:44
Updated-17 Jun, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SureDash plugin <= 1.8.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brainstorm Force SureDash allows Blind SQL Injection. This issue affects SureDash: from n/a through 1.8.0.

Action-Not Available
Vendor-Brainstorm Force
Product-SureDash
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-32681
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.43% / 34.52%
||
7 Day CHG+0.04%
Published-11 Apr, 2025 | 08:43
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Error Log Viewer By WP Guru plugin <= 1.0.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Guru Error Log Viewer error-log-viewer-wp allows Blind SQL Injection.This issue affects Error Log Viewer: from n/a through <= 1.0.5.

Action-Not Available
Vendor-WP Guru
Product-Error Log Viewer
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-32149
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.47% / 37.15%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:58
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress teachPress plugin <= 9.0.11 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in winkm89 teachPress teachpress allows SQL Injection.This issue affects teachPress: from n/a through <= 9.0.11.

Action-Not Available
Vendor-mtrvwinkm89
Product-teachpressteachPress
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-32287
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.27% / 18.33%
||
7 Day CHG~0.00%
Published-16 May, 2025 | 15:45
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Responsive HTML5 Audio Player PRO With Playlist plugin <= 3.5.7 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Responsive HTML5 Audio Player PRO With Playlist lbg-audio2-html5 allows SQL Injection.This issue affects Responsive HTML5 Audio Player PRO With Playlist: from n/a through <= 3.5.7.

Action-Not Available
Vendor-LambertGroup
Product-Responsive HTML5 Audio Player PRO With Playlist
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-32567
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.43% / 34.55%
||
7 Day CHG+0.04%
Published-11 Apr, 2025 | 08:42
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Post Duplicator Plugin <= 1.0.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in dev02ali Easy Post Duplicator easy-post-duplicator allows SQL Injection.This issue affects Easy Post Duplicator: from n/a through <= 1.0.1.

Action-Not Available
Vendor-dev02ali
Product-Easy Post Duplicator
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-32148
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.40% / 31.48%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:58
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Daisycon prijsvergelijkers plugin <= 4.8.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Daisycon Daisycon prijsvergelijkers daisycon allows SQL Injection.This issue affects Daisycon prijsvergelijkers: from n/a through <= 4.8.4.

Action-Not Available
Vendor-Daisycon
Product-Daisycon prijsvergelijkers
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-32558
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.43% / 34.52%
||
7 Day CHG+0.04%
Published-11 Apr, 2025 | 08:42
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Duplicate Title Checker Plugin <= 1.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ketanajani Duplicate Title Checker duplicate-title-checker allows Blind SQL Injection.This issue affects Duplicate Title Checker: from n/a through <= 1.2.

Action-Not Available
Vendor-ketanajani
Product-Duplicate Title Checker
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-32573
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.34% / 26.18%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:47
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress KiotViet Sync Plugin <= 1.8.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kiotviet KiotViet Sync allows SQL Injection. This issue affects KiotViet Sync: from n/a through 1.8.3.

Action-Not Available
Vendor-Kiotviet
Product-KiotViet Sync
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-32650
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.43% / 34.52%
||
7 Day CHG+0.04%
Published-11 Apr, 2025 | 08:43
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Accessibility Suite by Ability, Inc plugin <= 4.18 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ability, Inc Accessibility Suite online-accessibility allows SQL Injection.This issue affects Accessibility Suite: from n/a through <= 4.18.

Action-Not Available
Vendor-Ability, Inc
Product-Accessibility Suite
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-54822
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.27% / 18.56%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 13:12
Updated-25 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SALESmanago & Leadoo plugin <= 3.11.2 - SQL Injection vulnerability

Subscriber SQL Injection in SALESmanago & Leadoo <= 3.11.2 versions.

Action-Not Available
Vendor-SALESmanago
Product-SALESmanago & Leadoo
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-32687
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.30% / 21.78%
||
7 Day CHG+0.03%
Published-10 Apr, 2025 | 08:09
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Review Stars Count For WooCommerce plugin <= 2.0 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Magnigenie Review Stars Count For WooCommerce review-stars-count-for-woocommerce allows SQL Injection.This issue affects Review Stars Count For WooCommerce: from n/a through <= 2.0.

Action-Not Available
Vendor-Magnigenie
Product-Review Stars Count For WooCommerce
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-32297
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.25% / 15.76%
||
7 Day CHG~0.00%
Published-04 Jul, 2025 | 11:18
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Link Directory Pro plugin < 14.8.1 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows SQL Injection.This issue affects Simple Link Directory: from n/a through < 14.8.1.

Action-Not Available
Vendor-quantumcloud
Product-Simple Link Directory
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-32618
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.43% / 34.52%
||
7 Day CHG+0.04%
Published-11 Apr, 2025 | 08:42
Updated-12 May, 2026 | 00:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Wishlist plugin <= 1.0.46 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PickPlugins Wishlist wishlist allows SQL Injection.This issue affects Wishlist: from n/a through <= 1.0.46.

Action-Not Available
Vendor-PickPlugins
Product-Wishlist
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 7
  • 8
  • Next
Details not found