Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-01-30 | CVE-2025-0872 | SQL Injection vulnerability in Angeljudesuarez Tailoring Management System 1.0. A vulnerability classified as critical has been found in itsourcecode Tailoring Management System 1.0. | 9.8 |
2025-01-30 | CVE-2024-13596 | SQL Injection vulnerability in Modalsurvey Wordpress Survey and Poll. The WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'id' attribute of the 'survey' shortcode in all versions up to, and including, 1.7.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
2025-01-30 | CVE-2025-0861 | SQL Injection vulnerability in Vruiz Vr-Frases. The VR-Frases (collect & share quotes) plugin for WordPress is vulnerable to SQL Injection via several parameters in all versions up to, and including, 3.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.2 |
2025-01-30 | CVE-2025-0847 | SQL Injection vulnerability in 1000Projects Employee Task Management System 1.0. A vulnerability was found in 1000 Projects Employee Task Management System 1.0. | 9.8 |
2025-01-30 | CVE-2025-0846 | SQL Injection vulnerability in 1000Projects Employee Task Management System 1.0. A vulnerability was found in 1000 Projects Employee Task Management System 1.0. | 9.8 |
2025-01-29 | CVE-2025-0843 | SQL Injection vulnerability in Needyamin Library Card System 1.0. A vulnerability was found in needyamin Library Card System 1.0. | 9.8 |
2025-01-29 | CVE-2025-0803 | SQL Injection vulnerability in Gymmanagementsystem GYM Management System 1.0. A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. | 9.8 |
2025-01-28 | CVE-2024-11135 | SQL Injection vulnerability in Jyothisjoy Eventer. The Eventer plugin for WordPress is vulnerable to SQL Injection via the 'event' parameter in the 'eventer_get_attendees' function in all versions up to, and including, 3.9.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
2025-01-28 | CVE-2023-50316 | IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 is vulnerable to SQL injection. | 6.3 |
2025-01-26 | CVE-2024-10628 | The Quiz Maker Business, Developer, and Agency plugins for WordPress are vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |