Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2025-04-16 CVE-2025-3684 SQL Injection vulnerability in Xianqi Kindergarten Management System 2.0
A vulnerability was found in Xianqi Kindergarten Management System 2.0 Bulid 20190808.
network
low complexity
xianqi CWE-89
critical
9.8
2025-04-16 CVE-2025-3676 SQL Injection vulnerability in Xxyopen Novel-Plus 3.5.0
A vulnerability classified as critical has been found in xxyopen Novel-Plus 3.5.0.
network
low complexity
xxyopen CWE-89
critical
9.8
2025-04-15 CVE-2025-3470 The TS Poll – Survey, Versus Poll, Image Poll, Video Poll plugin for WordPress is vulnerable to SQL Injection via the s parameter in all versions up to, and including, 2.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
4.9
2025-04-11 CVE-2025-2128 The Cost Calculator Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_ids’ parameter in all versions up to, and including, 3.2.67 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
6.5
2025-04-10 CVE-2024-13909 The Accredible Certificates & Open Badges plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
4.9
2025-04-08 CVE-2025-3436 The coreActivity: Activity Logging for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'order' and 'orderby' parameters in all versions up to, and including, 2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
6.5
2025-04-08 CVE-2019-25223 The Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
4.9
2025-04-08 CVE-2025-3427 The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'infill_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
4.9
2025-04-08 CVE-2025-3428 The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'coating_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
4.9
2025-04-08 CVE-2025-3429 The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'material_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
4.9