VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2024-12-14
CVE-2024-11710
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'fieldfor', 'visibleParent' and 'id' parameters in all versions up to, and including, 2.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
4.9
4.9
2024-12-14
CVE-2024-11711
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'resumeid' parameter in all versions up to, and including, 2.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
7.5
7.5
2024-12-14
CVE-2024-11713
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'page_id' parameter of the wpjobportal_deactivate() function in all versions up to, and including, 2.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
4.9
4.9
2024-12-14
CVE-2024-11714
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'ff' parameter of the getFieldsForVisibleCombobox() function in all versions up to, and including, 2.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
4.9
4.9
2024-12-13
CVE-2019-25221
The Responsive Filterable Portfolio plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
6.5
6.5
2024-12-12
CVE-2024-12406
The Library Management System – Manage e-Digital Books Library plugin for WordPress is vulnerable to SQL Injection via the 'owt7_borrow_books_id' parameter in all versions up to, and including, 3.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
6.5
6.5
2024-12-12
CVE-2024-11430
The SQL Chart Builder plugin for WordPress is vulnerable to SQL Injection via the 'arg1' arg of the 'gvn_schart_2' shortcode in all versions up to, and including, 2.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
6.5
6.5
2024-12-12
CVE-2024-12492
SQL Injection vulnerability in Anisha Farmacia 1.0
A vulnerability was found in code-projects Farmacia 1.0.
network
low complexity
anisha
CWE-89
8.8
8.8
2024-12-12
CVE-2024-12497
SQL Injection vulnerability in 1000Projects Attendance Tracking Management System 1.0
A vulnerability classified as critical has been found in 1000 Projects Attendance Tracking Management System 1.0.
network
low complexity
1000projects
CWE-89
critical
9.8
9.8
2024-12-12
CVE-2024-12479
SQL Injection vulnerability in Cjbi Wetech-Cms 1.0/1.1/1.2
A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2 and classified as critical.
network
low complexity
cjbi
CWE-89
8.8
8.8
«
Previous
1
2
...
5
6
7
(current)
8
9
...
619
620
»
Next