Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-03-05 | CVE-2024-13778 | The Hero Mega Menu - Responsive WordPress Menu Plugin plugin for WordPress is vulnerable to SQL Injection via several functions in all versions up to, and including, 1.16.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
2025-03-05 | CVE-2024-13809 | The Hero Slider - WordPress Slider Plugin plugin for WordPress is vulnerable to SQL Injection via several parameters in all versions up to, and including, 1.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
2025-03-04 | CVE-2024-9149 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wind Media E-Commerce Website Template allows SQL Injection. This issue affects E-Commerce Website Template: before v1.5. | 8.6 |
2025-03-04 | CVE-2025-1321 | SQL Injection vulnerability in Mtrv Teachpress. The teachPress plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'tpsearch' shortcode in all versions up to, and including, 9.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 8.8 |
2025-03-03 | CVE-2024-51962 | SQL Injection vulnerability in Esri Arcgis Server 10.9.1/11.1. A SQL injection vulnerability in ArcGIS Server allows an EDIT operation to modify Column properties allowing for the execution of a SQL Injection by a remote authenticated user with elevated (non admin) privileges. There is a high impact to integrity and confidentiality and no impact to availability. | 9.6 |
2025-03-03 | CVE-2025-26988 | SQL Injection vulnerability in Cozyvision SMS Alert Order Notifications. Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozy Vision SMS Alert Order Notifications – WooCommerce allows SQL Injection. | 7.5 |
2025-03-03 | CVE-2025-1869 | SQL Injection vulnerability in Mayurik Best Online News Portal 1.0. A SQL injection vulnerability has been found in 101news affecting version 1.0 through the "username" parameter in admin/check_avalability.php. | 9.8 |
2025-03-03 | CVE-2025-1870 | SQL Injection vulnerability in Mayurik Best Online News Portal 1.0. A SQL injection vulnerability has been found in 101news affecting version 1.0 through the "pagedescription" parameter in admin/aboutus.php. | 9.8 |
2025-03-03 | CVE-2025-1871 | SQL Injection vulnerability in Mayurik Best Online News Portal 1.0. A SQL injection vulnerability has been found in 101news affecting version 1.0 through the "category" and "subcategory" parameters in admin/add-subcategory.php. | 9.8 |
2025-03-03 | CVE-2025-1872 | SQL Injection vulnerability in Mayurik Best Online News Portal 1.0. A SQL injection vulnerability has been found in 101news affecting version 1.0 through the "sadminusername" parameter in admin/add-subadmins.php. | 9.8 |