Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE	CVE	VULNERABILITY TITLE	RISK
2025-01-09	CVE-2024-12067	The WP Travel – Ultimate Travel Booking System, Tour Management Engine plugin for WordPress is vulnerable to SQL Injection via the 'booking_itinerary' parameter of the 'wptravel_get_booking_data' function in all versions up to, and including, 10.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. network low complexity CWE-89	6.5
2025-01-09	CVE-2025-0347	SQL Injection vulnerability in Anisha Admission Management System 1.0 A vulnerability was found in code-projects Admission Management System 1.0. network low complexity anisha CWE-89 critical	9.8
2025-01-09	CVE-2025-0340	SQL Injection vulnerability in Code-Projects Cinema Seat Reservation System 1.0 A vulnerability classified as critical was found in code-projects Cinema Seat Reservation System 1.0. network low complexity code-projects CWE-89 critical	9.8
2025-01-08	CVE-2024-11939	The Cost Calculator Builder PRO plugin for WordPress is vulnerable to blind time-based SQL Injection via the ‘data’ parameter in all versions up to, and including, 3.2.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. network low complexity CWE-89	7.5
2025-01-08	CVE-2024-12030	SQL Injection vulnerability in Pluginus Wordpress Meta Data and Taxonomies Filter The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'key' attribute of the 'mdf_value' shortcode in all versions up to, and including, 1.3.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. network low complexity pluginus CWE-89	6.5
2025-01-07	CVE-2024-12157	The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'upc_delete_db_record' AJAX action in all versions up to, and including, 3.2.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. network low complexity CWE-89	7.5
2025-01-07	CVE-2024-12332	The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'cid' parameter in all versions up to, and including, 2.2.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. network low complexity CWE-89	6.5
2025-01-07	CVE-2024-11437	The Timeline Designer plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in all versions up to, and including, 1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. network low complexity CWE-89	4.9
2025-01-07	CVE-2024-12416	The Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress is vulnerable to SQL Injection via the 'woomotiv_seen_products_.*' cookie in all versions up to, and including, 3.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. network low complexity CWE-89	7.5
2025-01-05	CVE-2025-0233	SQL Injection vulnerability in Codezips Project Management System 1.0 A vulnerability was found in Codezips Project Management System 1.0. network low complexity codezips CWE-89 critical	9.8