| 2025-01-19 | CVE-2025-0561 | SQL Injection vulnerability in Angeljudesuarez Farm Management System 1.0
A vulnerability has been found in itsourcecode Farm Management System 1.0 and classified as critical. | 9.8 |
| 2025-01-18 | CVE-2024-13184 | The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to time-based SQL Injection via the Login Attempts module in all versions up to, and including, 3.0.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
| 2025-01-18 | CVE-2025-0308 | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the search parameter in all versions up to, and including, 2.9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
| 2025-01-17 | CVE-2025-0540 | SQL Injection vulnerability in Angeljudesuarez Tailoring Management System 1.0
A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. | 9.8 |
| 2025-01-16 | CVE-2024-57769 | SQL Injection vulnerability in Jfinaloa Project Jfinaloa
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component borrowmoney/listData?applyUser. | 8.8 |
| 2025-01-16 | CVE-2024-57770 | SQL Injection vulnerability in Jfinaloa Project Jfinaloa
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component apply/save#oaContractApply.id. | 8.8 |
| 2025-01-16 | CVE-2024-57775 | SQL Injection vulnerability in Jfinaloa Project Jfinaloa
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component getWorkFlowHis?insid. | 8.8 |
| 2025-01-16 | CVE-2024-12613 | SQL Injection vulnerability in Hirewebxperts Passwords Manager
The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb->prefix value in several AJAX fuctions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
| 2025-01-16 | CVE-2024-12615 | SQL Injection vulnerability in Hirewebxperts Passwords Manager
The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb->prefix value in several AJAX actions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
| 2025-01-16 | CVE-2025-0455 | The airPASS from NetVision Information has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. network low complexity CWE-89 critical | 9.8 |