VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-04-16
CVE-2025-3684
SQL Injection vulnerability in Xianqi Kindergarten Management System 2.0
A vulnerability was found in Xianqi Kindergarten Management System 2.0 Bulid 20190808.
network
low complexity
xianqi
CWE-89
critical
9.8
9.8
2025-04-16
CVE-2025-3676
SQL Injection vulnerability in Xxyopen Novel-Plus 3.5.0
A vulnerability classified as critical has been found in xxyopen Novel-Plus 3.5.0.
network
low complexity
xxyopen
CWE-89
critical
9.8
9.8
2025-04-15
CVE-2025-3470
The TS Poll – Survey, Versus Poll, Image Poll, Video Poll plugin for WordPress is vulnerable to SQL Injection via the s parameter in all versions up to, and including, 2.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
4.9
4.9
2025-04-11
CVE-2025-2128
The Cost Calculator Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_ids’ parameter in all versions up to, and including, 3.2.67 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
6.5
6.5
2025-04-10
CVE-2024-13909
The Accredible Certificates & Open Badges plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
4.9
4.9
2025-04-08
CVE-2025-3436
The coreActivity: Activity Logging for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'order' and 'orderby' parameters in all versions up to, and including, 2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
6.5
6.5
2025-04-08
CVE-2019-25223
The Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
4.9
4.9
2025-04-08
CVE-2025-3427
The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'infill_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
4.9
4.9
2025-04-08
CVE-2025-3428
The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'coating_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
4.9
4.9
2025-04-08
CVE-2025-3429
The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'material_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
4.9
4.9
«
Previous
1
2
...
6
7
8
(current)
9
10
...
667
668
»
Next