Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-07 | CVE-2023-33481 | SQL Injection vulnerability in Remoteclinic Remote Clinic 2.0: RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection attack in the 'start' GET parameter of patients/index.php. | 9.8 |
2023-11-07 | CVE-2023-5709 | SQL Injection vulnerability in Web-Dorado WD Widgettwitter: The WD WidgetTwitter plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
2023-11-07 | CVE-2023-42283 | SQL Injection vulnerability in TYK 5.0.3: Blind SQL injection in api_id parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query. | 9.8 |
2023-11-07 | CVE-2023-42284 | SQL Injection vulnerability in TYK 5.0.3: Blind SQL injection in api_version parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query. | 9.8 |
2023-11-06 | CVE-2023-5082 | SQL Injection vulnerability in Click5Interactive Sitemap BY Click5: The History Log by click5 WordPress plugin before 1.0.13 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when using the Smash Balloon Social Photo Feed plugin alongside it. | 7.2 |
2023-11-06 | CVE-2023-46084 | SQL Injection vulnerability in Bplugins Icons Font Loader 1.0/1.1.2: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bPlugins LLC Icons Font Loader allows SQL Injection. This issue affects Icons Font Loader: from n/a through 1.1.2. | 8.8 |
2023-11-06 | CVE-2023-35911 | SQL Injection vulnerability in Creative-Solutions Contact Form Generator: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Creative Solutions Contact Form Generator : Creative form builder for WordPress allows SQL Injection. This issue affects Contact Form Generator : Creative form builder for WordPress: from n/a through 2.6.0. | 9.8 |
2023-11-06 | CVE-2023-45069 | SQL Injection vulnerability in Total-Soft Video Gallery: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Video Gallery by Total-Soft Video Gallery – Best WordPress YouTube Gallery Plugin allows SQL Injection. This issue affects Video Gallery – Best WordPress YouTube Gallery Plugin: from n/a through 2.1.3. | 9.8 |
2023-11-05 | CVE-2023-46981 | SQL Injection vulnerability in Xxyopen Novel-Plus 4.2.0: SQL injection vulnerability in Novel-Plus v.4.2.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /common/log/list. | 9.8 |
2023-11-04 | CVE-2023-40922 | SQL Injection vulnerability in Kerawen: kerawen before v2.5.1 was discovered to contain a SQL injection vulnerability via the ocs_id_cart parameter at KerawenDeliveryModuleFrontController::initContent(). | 9.8 |