Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-18 | CVE-2024-13184 | The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to time-based SQL Injection via the Login Attempts module in all versions up to, and including, 3.0.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
| 2025-01-18 | CVE-2025-0308 | SQL Injection vulnerability in Ultimatemember Ultimate Member The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the search parameter in all versions up to, and including, 2.9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
| 2025-01-17 | CVE-2025-0541 | SQL Injection vulnerability in Codezips GYM Management System 1.0 A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. | 9.8 |
| 2025-01-17 | CVE-2025-0540 | SQL Injection vulnerability in Angeljudesuarez Tailoring Management System 1.0 A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. | 9.8 |
| 2025-01-17 | CVE-2025-0536 | SQL Injection vulnerability in 1000Projects Attendance Tracking Management System 1.0 A vulnerability classified as critical was found in 1000 Projects Attendance Tracking Management System 1.0. | 9.8 |
| 2025-01-17 | CVE-2025-0531 | SQL Injection vulnerability in Fabianros Chat System 1.0 A vulnerability was found in code-projects Chat System 1.0 and classified as critical. | 7.5 |
| 2025-01-17 | CVE-2025-0527 | SQL Injection vulnerability in Anisha Admission Management System 1.0 A vulnerability classified as critical was found in code-projects Admission Management System 1.0. | 9.8 |
| 2025-01-16 | CVE-2024-57769 | SQL Injection vulnerability in Jfinaloa Project Jfinaloa JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component borrowmoney/listData?applyUser. | 8.8 |
| 2025-01-16 | CVE-2024-57770 | SQL Injection vulnerability in Jfinaloa Project Jfinaloa JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component apply/save#oaContractApply.id. | 8.8 |
| 2025-01-16 | CVE-2024-57775 | SQL Injection vulnerability in Jfinaloa Project Jfinaloa JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component getWorkFlowHis?insid. | 8.8 |