2024-12-25 | CVE-2024-12032 | The Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin \| WooCommerce Booking plugin for WordPress is vulnerable to SQL Injection via the 'enquiry_id' parameter of the 'tf_enquiry_reply_email_callback' function in all versions up to, and including, 2.15.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
2024-12-24 | CVE-2024-10856 | The Booking Calendar WpDevArt plugin is vulnerable to time-based, blind SQL injection via the `id` parameter in the “wpdevart_booking_calendar” shortcode in versions up to, and including, 3.2.19 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
2024-12-24 | CVE-2024-11726 | The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'category' parameter of the 'bookingpress_form' shortcode in all versions up to, and including, 1.1.21 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
2024-12-24 | CVE-2024-12031 | The Advanced Floating Content plugin for WordPress is vulnerable to SQL Injection via the 'floating_content_duplicate_post' function in all versions up to, and including, 3.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
2024-12-23 | CVE-2024-45387 | SQL Injection vulnerability in Apache Traffic Control 8.0.0/8.0.1. An SQL injection vulnerability in Traffic Ops in Apache Traffic Control <= 8.0.1, >= 8.0.0 allows a privileged user with role "admin", "federation", "operations", "portal", or "steering" to execute arbitrary SQL against the database by sending a specially crafted PUT request. Users running an affected version of Traffic Ops are recommended to upgrade to Apache Traffic Control 8.0.2. | 8.8 |
2024-12-23 | CVE-2024-12898 | SQL Injection vulnerability in 1000Projects Attendance Tracking Management System 1.0. A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0. | 9.8 |
2024-12-23 | CVE-2024-12899 | SQL Injection vulnerability in 1000Projects Attendance Tracking Management System 1.0. A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0. | 9.8 |
2024-12-22 | CVE-2024-12895 | SQL Injection vulnerability in Treasurehuntgame Treasurehunt. A vulnerability has been found in TreasureHuntGame TreasureHunt up to 963e0e0 and classified as critical. | 9.8 |
2024-12-22 | CVE-2024-12894 | SQL Injection vulnerability in Treasurehuntgame Treasurehunt. A vulnerability, which was classified as critical, was found in TreasureHuntGame TreasureHunt up to 963e0e0. | 9.8 |
2024-12-21 | CVE-2024-12884 | SQL Injection vulnerability in Codezips E-Commerce Site 1.0. A vulnerability was found in Codezips E-Commerce Website 1.0. | 9.8 |