Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-11-22 | CVE-2023-2841 | SQL Injection vulnerability in Zorem Advanced Local Pickup for Woocommerce | The Advanced Local Pickup for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in versions up to, and including, 1.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.2 |
2023-11-22 | CVE-2023-5465 | SQL Injection vulnerability in Gopiplus Popup With Fancybox 3.5 | The Popup with fancybox plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 8.8 |
2023-11-22 | CVE-2023-5466 | SQL Injection vulnerability in Gopiplus WP Anything Slider 9.1 | The Wp anything slider plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 8.8 |
2023-11-20 | CVE-2023-5640 | SQL Injection vulnerability in Dguzun Article Analytics | The Article Analytics WordPress plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection vulnerability. | 9.8 |
2023-11-20 | CVE-2023-5652 | SQL Injection vulnerability in Thimpress WP Hotel Booking | The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, and does not escape user input before using it in a SQL statement of a function hooked to admin_init, allowing unauthenticated users to perform SQL injections. | 9.8 |
2023-11-20 | CVE-2023-46700 | SQL Injection vulnerability in Luxsoft Luxcal web Calendar | SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary SQL command by sending a crafted request, and obtain or alter information stored in the database. | 9.8 |
2023-11-17 | CVE-2023-45387 | SQL Injection vulnerability in Myprestamodules Exportproducts 4.1.1/5.0.0 | In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 5.0.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection via `exportProduct::_addDataToDb()`. | 9.8 |
2023-11-17 | CVE-2023-48078 | SQL Injection vulnerability in Code-Projects Simple Crud Functionality 1.0 | SQL Injection vulnerability in add.php in Simple CRUD Functionality v1.0 allows attackers to run arbitrary SQL commands via the 'title' parameter. | 9.8 |
2023-11-16 | CVE-2021-35437 | SQL Injection vulnerability in Lmxcms 1.4 | SQL injection vulnerability in LMXCMS v.1.4 allows an attacker to execute arbitrary code via the TagsAction.class. | 9.8 |
2023-11-15 | CVE-2023-40923 | SQL Injection vulnerability in Myprestamodules Orders (Csv, Excel) Export | MyPrestaModules ordersexport before v5.0 was discovered to contain multiple SQL injection vulnerabilities at send.php via the key and save_setting parameters. | 8.8 |