Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-14 | CVE-2021-24345 | The page lists-management feature of the Sendit WP Newsletter WordPress plugin through 2.5.1, available to Administrator users does not sanitise, validate or escape the id_lista POST parameter before using it in SQL statement, therefore leading to Blind SQL Injection. | 0.0 |
| 2021-06-14 | CVE-2021-24348 | The menu delete functionality of the Side Menu – add fixed side buttons WordPress plugin before 3.1.5, available to Administrator users takes the did GET parameter and uses it into an SQL statement without proper sanitisation, validation or escaping, therefore leading to a SQL Injection issue | 0.0 |
| 2021-06-14 | CVE-2021-24360 | SQL Injection vulnerability in Kohsei-Works Yes/No Chart The Yes/No Chart WordPress plugin before 1.0.12 did not sanitise its sid shortcode parameter before using it in a SQL statement, allowing medium privilege users (contributor+) to perform Blind SQL Injection attacks | 4.0 |
| 2021-06-11 | CVE-2021-32932 | The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182). | 0.0 |
| 2021-06-10 | CVE-2020-24667 | SQL Injection vulnerability in Tracefinanacial Crestbridge Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL injection vulnerability, which was fixed in 6.3.0.03. | 6.5 |
| 2021-06-10 | CVE-2020-24671 | SQL Injection vulnerability in Tracefinanacial Crestbridge Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL injection vulnerability, which was fixed in 6.3.0.03. | 6.5 |
| 2021-06-07 | CVE-2021-29099 | SQL Injection vulnerability in Esri Arcgis Server A SQL injection vulnerability exists in some configurations of ArcGIS Server versions 10.8.1 and earlier. | 5.0 |
| 2021-06-07 | CVE-2021-24336 | SQL Injection vulnerability in Zavedil Flightlog 2.0/3.0.2 The FlightLog WordPress plugin through 3.0.2 does not sanitise, validate or escape various POST parameters before using them a SQL statement, leading to SQL injections exploitable by editor and administrator users | 6.5 |
| 2021-06-07 | CVE-2021-24337 | SQL Injection vulnerability in Video Embed Project Video Embed The id GET parameter of one of the Video Embed WordPress plugin through 1.0's page (available via forced browsing) is not sanitised, validated or escaped before being used in a SQL statement, allowing low privilege users, such as subscribers, to perform SQL injection. | 6.5 |
| 2021-06-07 | CVE-2021-24340 | SQL Injection vulnerability in Veronalabs WP Statistics The WP Statistics WordPress plugin before 13.0.8 relied on using the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query. | 5.0 |