Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE        CVE             VULNERABILITY TITLE                                              RISK

2021-06-14  CVE-2021-24345  (Sendit WP Newsletter WordPress plugin)                          0.0
    The page lists-management feature of the Sendit WP Newsletter WordPress plugin through 2.5.1, available to Administrator users, does not sanitise, validate or escape the id_lista POST parameter before using it in a SQL statement, therefore leading to Blind SQL Injection.

2021-06-14  CVE-2021-24348  (Side Menu – add fixed side buttons WordPress plugin)            0.0
    The menu delete functionality of the Side Menu – add fixed side buttons WordPress plugin before 3.1.5, available to Administrator users, takes the did GET parameter and uses it in a SQL statement without proper sanitisation, validation or escaping, therefore leading to a SQL Injection issue.

2021-06-14  CVE-2021-24360  SQL Injection vulnerability in Kohsei-Works Yes/No Chart          4.0
    The Yes/No Chart WordPress plugin before 1.0.12 did not sanitise its sid shortcode parameter before using it in a SQL statement, allowing medium privilege users (contributor+) to perform Blind SQL Injection attacks.
    Access vector: network; Access complexity: low; Vendor: kohsei-works; CWE-89

2021-06-11  CVE-2021-32932  (iView)                                                          0.0
    The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182).

2021-06-10  CVE-2020-24667  SQL Injection vulnerability in Tracefinanacial Crestbridge        6.5
    Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL injection vulnerability, which was fixed in 6.3.0.03.
    Access vector: network; Access complexity: low; Vendor: tracefinanacial; CWE-89

2021-06-10  CVE-2020-24671  SQL Injection vulnerability in Tracefinanacial Crestbridge        6.5
    Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL injection vulnerability, which was fixed in 6.3.0.03.
    Access vector: network; Access complexity: low; Vendor: tracefinanacial; CWE-89

2021-06-07  CVE-2021-29099  SQL Injection vulnerability in Esri Arcgis Server                 5.0
    A SQL injection vulnerability exists in some configurations of ArcGIS Server versions 10.8.1 and earlier.
    Access vector: network; Access complexity: low; Vendor: esri; CWE-89

2021-06-07  CVE-2021-24336  SQL Injection vulnerability in Zavedil Flightlog 2.0/3.0.2        6.5
    The FlightLog WordPress plugin through 3.0.2 does not sanitise, validate or escape various POST parameters before using them in a SQL statement, leading to SQL injections exploitable by editor and administrator users.
    Access vector: network; Access complexity: low; Vendor: zavedil; CWE-89

2021-06-07  CVE-2021-24337  SQL Injection vulnerability in Video Embed Project Video Embed    6.5
    The id GET parameter of a page of the Video Embed WordPress plugin through 1.0 (reachable via forced browsing) is not sanitised, validated or escaped before being used in a SQL statement, allowing low privilege users, such as subscribers, to perform SQL injection.
    Access vector: network; Access complexity: low; Vendor: video-embed-project; CWE-89

2021-06-07  CVE-2021-24340  SQL Injection vulnerability in Veronalabs WP Statistics           5.0
    The WP Statistics WordPress plugin before 13.0.8 relied on using the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query.
    Access vector: network; Access complexity: low; Vendor: veronalabs; CWE-89
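The WP Statistics entry above (CVE-2021-24340) names the root cause that also underlies the id/did/sid parameter entries in this list: quote-escaping a value does nothing when that value is interpolated into an unquoted numeric position, because a payload such as `1 OR 1=1` contains no quote to escape. The following is an added example, not code from any of the plugins listed; it models the pattern in Python with an in-memory SQLite database. The table, rows and IP addresses are constructed sample data, and `esc_sql_like()` is a stand-in that mimics only the quote/backslash escaping behaviour of WordPress's esc_sql() (it is not WordPress code). The hardened forms correspond to what $wpdb->prepare() does with a placeholder: bind the value, or coerce it to an integer first.

```python
"""Escaping is not parameterisation: an unquoted numeric field stays injectable.

Added example modelling the CVE-2021-24340 pattern (esc_sql() on an unquoted
field, no prepare()). Sample schema and rows are constructed for the demo.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample table: a visitor log with a column the attacker wants."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE visitors (id INTEGER PRIMARY KEY, ip TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO visitors (ip, secret) VALUES (?, ?)",
        [("203.0.113.5", "row1"), ("198.51.100.7", "row2"), ("192.0.2.9", "row3")],
    )
    conn.commit()
    return conn


def esc_sql_like(value: str) -> str:
    """Stand-in for esc_sql(): backslash-escape quotes and backslashes only.

    Assumption: this mirrors the escaping effect, not the WordPress implementation.
    It is correct *only* when the result is placed between quotes in the query.
    """
    return value.replace("\\", "\\\\").replace("'", "\\'").replace('"', '\\"')


def lookup_escaped_unquoted(conn: sqlite3.Connection, user_id: str) -> list:
    """VULNERABLE: escaped, but the field is not delimited by quotes.

    A payload with no quote characters is passed through unchanged and becomes
    part of the SQL grammar instead of a value.
    """
    sql = f"SELECT id, ip FROM visitors WHERE id = {esc_sql_like(user_id)}"
    return conn.execute(sql).fetchall()


def lookup_parameterised(conn: sqlite3.Connection, user_id: str) -> list:
    """HARDENED: bind the value through a placeholder (the %s-style prepare).

    The driver sends the payload as data; SQLite never parses it as SQL, so
    '1 OR 1=1' simply fails to equal any integer id.
    """
    return conn.execute("SELECT id, ip FROM visitors WHERE id = ?", (user_id,)).fetchall()


def lookup_int_cast(conn: sqlite3.Connection, user_id: str) -> list:
    """HARDENED: coerce to int first (the effect of a %d placeholder).

    Anything that is not an integer is rejected with ValueError before any SQL
    is built, which is the right outcome for a numeric identifier.
    """
    return conn.execute("SELECT id, ip FROM visitors WHERE id = ?", (int(user_id),)).fetchall()


def demo() -> dict:
    """Run the same attacker input through the vulnerable and hardened lookups."""
    conn = make_db()
    tautology = "1 OR 1=1"                               # returns every row
    exfil = "0 UNION SELECT id, secret FROM visitors"    # pulls the secret column
    result = {
        # Escaping is a no-op on both payloads: nothing in them needs escaping.
        "escaping_was_noop": esc_sql_like(tautology) == tautology
        and esc_sql_like(exfil) == exfil,
        "vuln_tautology_rows": len(lookup_escaped_unquoted(conn, tautology)),
        "vuln_exfil": sorted(lookup_escaped_unquoted(conn, exfil)),
        "param_tautology_rows": len(lookup_parameterised(conn, tautology)),
        "param_exfil_rows": len(lookup_parameterised(conn, exfil)),
        "param_legit": lookup_parameterised(conn, "2"),
    }
    try:
        lookup_int_cast(conn, exfil)
        result["int_cast_rejected"] = False
    except ValueError:
        result["int_cast_rejected"] = True
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The check a reviewer applies when triaging entries like these: find every `$wpdb->query()` / `get_results()` call whose SQL is built with string interpolation, then ask whether each interpolated value sits inside quotes *and* was escaped, or better, whether the statement went through a placeholder-based prepare at all. Escaping alone on a bare numeric field, as in the `lookup_escaped_unquoted` case, leaves the tautology and UNION payloads fully intact.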