Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-19 | CVE-2025-2511 | The AHAthat Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 4.9 |
| 2025-03-18 | CVE-2024-8997 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vestel EVC04 Configuration Interface allows SQL Injection.This issue affects EVC04 Configuration Interface: through 18.03.2025. | 9.8 |
| 2025-03-17 | CVE-2025-2419 | SQL Injection vulnerability in Fabianros Real Estate Property Management System 1.0 A vulnerability classified as critical has been found in code-projects Real Estate Property Management System 1.0. | 7.5 |
| 2025-03-17 | CVE-2025-2385 | SQL Injection vulnerability in Code-Projects Modern BAG 1.0 A vulnerability has been found in code-projects Modern Bag 1.0 and classified as critical. | 9.8 |
| 2025-03-17 | CVE-2025-2386 | SQL Injection vulnerability in PHPgurukul Local Services Search Engine Management System 1.0 A vulnerability was found in PHPGurukul Local Services Search Engine Management System 1.0 and classified as critical. | 9.8 |
| 2025-03-17 | CVE-2025-2383 | SQL Injection vulnerability in PHPgurukul Doctor Appointment Management System 1.0.0 A vulnerability, which was classified as critical, has been found in PHPGurukul Doctor Appointment Management System 1.0. | 9.8 |
| 2025-03-17 | CVE-2025-2384 | SQL Injection vulnerability in Fabianros Real Estate Property Management System 1.0 A vulnerability, which was classified as critical, was found in code-projects Real Estate Property Management System 1.0. | 7.5 |
| 2025-03-15 | CVE-2019-25222 | SQL Injection vulnerability in I13Websolution Thumbnail Carousel Slider The Thumbnail carousel slider plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 4.9 |
| 2025-03-15 | CVE-2025-1669 | SQL Injection vulnerability in Igexsolutions Wpschoolpress The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'addNotify' action in all versions up to, and including, 2.2.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
| 2025-03-15 | CVE-2025-1670 | SQL Injection vulnerability in Igexsolutions Wpschoolpress The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'cid' parameter in all versions up to, and including, 2.2.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |