About “Blind SQL Injection”

A curated feed of “Blind SQL Injection”-related CVEs appears below. We currently track 644 CVEs for this tag (all time). In the last 365 days, 296 were published. Average CVSS is 8.3 (all time; 8.2 over 365d), and 89% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE-564 - SQL Injection: Hibernate.

In our taxonomy this topic maps to a MODERATE impact class: common exploitation patterns for this weakness can lead to moderate impact. Use the filters below to sort by CVSS, risk and CWE, triage the highest-risk entries first, and validate exposure in your environment. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

2025-10-31
High

CVE-2025-64366

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection. Th…

Critical

CVE-2025-6520

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Abis Technology BAPSIS allows Blind SQL Injection. This issue affects BAPSIS: before 202510271606.

2025-10-28
Medium

CVE-2025-62367

Taiga is an open source project management platform. In versions 6.8.3 and earlier, Taiga API is vulnerable to time-based blind SQL injection allowing sensitive data disclosure via response timing. T…

High

CVE-2025-11735

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to blind SQL Injection via the `phrase` parameter in all versions up to, and including, 1.3.7.1 due to insu…

2025-10-25
High

CVE-2025-4203

The wpForo Forum plugin for WordPress is vulnerable to error‐based or time-based SQL Injection via the get_members() function in all versions up to, and including, 2.4.8 due to missing integer valida…

2025-10-22
Critical

CVE-2025-49931

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crocoblock JetSearch jet-search allows Blind SQL Injection. This issue affects JetSearch: from n/a…

2025-10-16
Medium

CVE-2025-62423

ClipBucket V5 provides open source video hosting with PHP. In version 5.5.2 - #140 and earlier, a Blind SQL injection vulnerability exists in the Admin Area’s “/admin_area/login_as_user.php” file. Exp…

2025-10-15
Medium

CVE-2025-11365

The WP Google Map Plugin plugin for WordPress is vulnerable to blind SQL Injection via the 'id' parameter of the 'google_map' shortcode in all versions up to, and including, 1.0 due to insufficient e…

2025-10-14
Critical

CVE-2025-10610

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting Information Processing Industry and Foreign Trade Inc. Winsure allows Blind SQL In…

2025-10-10
High

CVE-2025-11188

The Kiwire Captive Portal contains a blind SQL injection in the nas-id parameter, allowing for SQL commands to be issued and to compromise the corresponding database.

2025-10-07
Critical

CVE-2025-0603

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Callvision Healthcare Callvision Emergency Code allows SQL Injection, Blind SQL Injection. This is…

2025-09-30
High

CVE-2025-8122

Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQL Injection attacks. This issue affects all 3 templates: www, bip and ww+bip.…

High

CVE-2025-8121

Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQL Injection attacks. This issue affects all 3 templates: www, bip and ww+bip.…

2025-09-26
High

CVE-2025-60109

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup LambertGroup - AllInOne - Content Slider all-in-one-contentSlider allows Blind SQL I…

High

CVE-2025-60108

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup LambertGroup - AllInOne - Banner with Thumbnails all-in-one-thumbnailsBanner allows…

High

CVE-2025-60107

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup LambertGroup - AllInOne - Banner with Playlist all-in-one-bannerWithPlaylist allows…

2025-09-23
High

CVE-2025-10184

The vulnerability allows any application installed on the device to read SMS/MMS data and metadata from the system-provided Telephony provider without permission, user interaction, or consent. The us…

2025-09-19
Critical

CVE-2025-59431

MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerable to Boolean-based SQL injection. It seems like expression che…

2025-09-10
Critical

CVE-2025-9943

An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider (SP) is configured to use an SQL database as sto…

2025-09-09
Critical

CVE-2025-47569

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPSwings WooCommerce Ultimate Gift Card woocommerce-ultimate-gift-card allows Blind SQL Injection…

2025-09-05
Critical

CVE-2025-58628

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav Miraculous miraculous allows Blind SQL Injection. This issue affects Miraculous: from…

High

CVE-2025-58881

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus New Simple Gallery new-simple-gallery allows Blind SQL Injection. This issue affects New…

High

CVE-2025-58788

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saad Iqbal License Manager for WooCommerce license-manager-for-woocommerce allows Blind SQL Injec…

2025-09-04
Critical

CVE-2025-7385

Input from search query parameter in GOV CMS is not sanitized properly, leading to a Blind SQL injection vulnerability, which might be exploited by an unauthenticated remote attacker. Versions 4.0…

2025-09-02
Medium

CVE-2025-55476

FireShare FileShare 1.2.25 contains a time-based blind SQL injection vulnerability in the sort parameter of the endpoint: GET /api/videos/public?sort= This parameter is unsafely evaluated in a SQL OR…

2025-08-28
High

CVE-2025-49402

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in scriptsbundle Exertio Framework exertio-framework allows Blind SQL Injection. This issue affects E…

2025-08-27
Medium

CVE-2025-50984

diskover-web v2.3.0 Community Edition is vulnerable to multiple boolean-based blind SQL injection flaws in its Elasticsearch configuration form. Unsanitized user input in POST parameters such as ES_P…

2025-08-20
High

CVE-2025-49891

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in uxper Uxper Booking uxper-booking allows Blind SQL Injection. This issue affects Uxper Booking: fr…

2025-08-15
High

CVE-2025-49897

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus Vertical scroll slideshow gallery v2 allows Blind SQL Injection. This issue affects Vert…

High

CVE-2025-1929

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Risk Yazılım Teknolojileri Ltd. Şti. Reel Sektör Hazine ve Risk Yönetimi Yazılımı allows SQL Inje…

2025-08-14
Critical

CVE-2025-54678

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL Injection. This issue affects…

High

CVE-2025-49267

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shabti Kaplan Frontend Admin by DynamiApps acf-frontend-form-element allows Blind SQL Injection. T…

High

CVE-2025-49033

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Blind SQL Injectio…

2025-08-04
Critical

CVE-2025-50341

A Boolean-based SQL injection vulnerability was discovered in Axelor 5.2.4 via the _domain parameter. An attacker can manipulate the SQL query logic and determine true/false conditions, potentially l…

2025-07-29
High

CVE-2025-6495

The Bricks theme for WordPress is vulnerable to blind SQL Injection via the ‘p’ parameter in all versions up to, and including, 1.12.4 due to insufficient escaping on the user supplied parameter and…

2025-07-16
Medium

CVE-2025-20272

A vulnerability in a subset of REST APIs of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, low-privileged, remote attacker to conduct a…

Critical

CVE-2025-24759

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory wp-businessdirectory allows…

2025-07-07
Critical

CVE-2025-53527

WeGIA is a web manager for charitable institutions. A Time-Based Blind SQL Injection vulnerability was discovered in the almox parameter of the /controle/relatorio_geracao.php endpoint. This issue al…

2025-07-04
Critical

CVE-2025-52830

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bSecure – Your Universal Checkout bSecure – Your Universal Checkout bsecure allows Blind SQL Inje…

High

CVE-2025-30947

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus Cool fade popup cool-fade-popup allows Blind SQL Injection. This issue affects Cool fade…

2025-06-27
Critical

CVE-2024-12150

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eron Software Wowwo CRM allows Blind SQL Injection. This issue affects Wowwo CRM.  NOTE: The ve…

Critical

CVE-2025-53091

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Time-Based Blind SQL Injection vulnerability was discovered in version 3.3.3 the almox param…

2025-06-26
High

CVE-2025-51672

A time-based blind SQL injection vulnerability was identified in the PHPGurukul Dairy Farm Shop Management System 1.3. The vulnerability exists in the manage-companies.php file and allows remote atta…

2025-06-17
Critical

CVE-2025-48274

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpjobportal WP Job Portal wp-job-portal allows Blind SQL Injection. This issue affects WP Job Port…

Critical

CVE-2025-47573

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla School Management allows Blind SQL Injection. This issue affects School Management: from…

Critical

CVE-2025-39479

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in smartiolabs Smart Notification allows Blind SQL Injection. This issue affects Smart Notification:…

High

CVE-2025-30562

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdistillery Navigation Tree Elementor navigation-tree-elementor allows Blind SQL Injection. This…

High

CVE-2025-28972

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Suhas Surse WP Employee Attendance System wp-employee-attendance-system allows Blind SQL Injectio…

2025-06-12
Medium

CVE-2025-41233

Description: VMware AVI Load Balancer contains an authenticated blind SQL Injection vulnerability. VMware has evaluated the severity of the issue to be in the Moderate severity range https://www.br…

2025-06-10
Critical

CVE-2025-49455

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickandPledge WordPress-WPJobBoard click-pledge-wpjobboard allows Blind SQL Injection. This issue…

2025-06-09
Medium

CVE-2025-30507

CyberData 011209 Intercom could allow an unauthenticated user to gather sensitive information through blind SQL injections.

Critical

CVE-2025-48281

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mystyleplatform MyStyle Custom Product Designer mystyle-custom-product-designer allows Blind SQL…

Critical

CVE-2025-31424

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav WP Lead Capturing Pages leadcapture allows Blind SQL Injection. This issue affects WP…

Critical

CVE-2025-24767

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in facturaone TicketBAI Facturas para WooCommerce wp-ticketbai allows Blind SQL Injection. This issue…

2025-06-06
High

CVE-2025-49263

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WCVendors WC Vendors Marketplace wc-vendors allows Blind SQL Injection. This issue affects WC Vend…

2025-06-05
Critical

CVE-2025-4568

Improper neutralization of input provided by an unauthorized user into changes__reference_id parameter in URL allows for boolean-based Blind SQL Injection attacks.

2025-06-03
Medium

CVE-2025-5103

The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to boolean-based SQL Injection via the 'default_price' and 'product_id' parameters in all versions up to, and including, 3.1…

2025-05-26
Critical

CVE-2025-40666

Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through ArbolID parameter in /GIMWeb/PC/frmPreventivosList.a…

Critical

CVE-2025-40665

Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through ArbolID parameter in /GIMWeb/PC/frmCorrectivosList.…

2025-05-23
Critical

CVE-2025-46539

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFable Fable Extra fable-extra allows Blind SQL Injection. This issue affects Fable Extra: from n…

Critical

CVE-2025-39504

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GoodLayers Goodlayers Hotel gdlr-hotel allows Blind SQL Injection. This issue affects Goodlayers H…

Critical

CVE-2025-39501

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GoodLayers Goodlayers Hostel gdlr-hostel allows Blind SQL Injection. This issue affects Goodlayers…

Critical

CVE-2025-31914

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav Pixel WordPress Form BuilderPlugin & Autoresponder pixel-formbuilder allows Blind SQ…

2025-05-20
High

CVE-2025-26086

An unauthenticated blind SQL injection vulnerability exists in RSI Queue Management System v3.0 within the TaskID parameter of the get request handler. Attackers can remotely inject time-delayed SQL…

2025-05-19
High

CVE-2025-43833

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Amir Helzer Absolute Links absolute-links allows Blind SQL Injection. This issue affects Absolute…

High

CVE-2025-48280

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ruben Garcia AutomatorWP automatorwp allows Blind SQL Injection. This issue affects AutomatorWP: f…

2025-05-16
High

CVE-2025-47567

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Video Player & FullScreen Video Background universal-video-player-and-bg allows Blin…

Critical

CVE-2025-39481

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in imithemes Eventer eventer allows Blind SQL Injection. This issue affects Eventer: from n/a through…

Critical

CVE-2025-32643

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPGYM allows Blind SQL Injection. This issue affects WPGYM: from n/a through 65.0.

High

CVE-2025-32306

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Radio Player Shoutcast & Icecast WordPress Plugin audio4-html5 allows Blind SQL Inje…

2025-05-07
High

CVE-2025-47587

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YaySMTP yaysmtp allows Blind SQL Injection. This issue affects YaySMTP: from n/a throu…

High

CVE-2025-47544

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in acowebs Dynamic Pricing With Discount Rules for WooCommerce aco-woo-dynamic-pricing allows Blind…

2025-05-02
Critical

CVE-2025-2812

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mydata Informatics Ticket Sales Automation allows Blind SQL Injection. This issue affects Ticket S…

2025-04-25
Low

CVE-2025-46546

In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects api/gui/asset/list, /api/gui/files/export/csv/, /api/gui/files/list, /a…

2025-04-23
Critical

CVE-2025-32969

XWiki is a generic wiki platform. In versions starting from 1.8 and prior to 15.10.16, 16.4.6, and 16.10.1, it is possible for a remote unauthenticated user to escape from the HQL execution context a…

High

CVE-2025-32968

XWiki is a generic wiki platform. In versions starting from 1.6-milestone-1 to before 15.10.16, 16.4.6, and 16.10.1, it is possible for a user with SCRIPT right to escape from the HQL execution conte…

2025-04-17
High

CVE-2025-29180

In FOXCMS <=1.25, the installdb.php file has a time-based blind SQL injection vulnerability. The url_prefix, domain, and my_website POST parameters are directly concatenated into SQL statements wit…

High

CVE-2025-39569

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in taskbuilder Taskbuilder taskbuilder allows Blind SQL Injection. This issue affects Taskbuilder: fr…

2025-04-16
High

CVE-2025-39566

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bob Hostel hostel allows Blind SQL Injection. This issue affects Hostel: from n/a through <= 1.1.5…

2025-04-15
Medium

CVE-2025-32993

Vision Helpdesk through 5.7.0 allows Time-Based Blind SQL injection via the Forgot Password (aka index.php?/home/forgot-password) vis_username parameter. Authentication is not needed.

2025-04-11
High

CVE-2025-32681

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Guru Error Log Viewer error-log-viewer-wp allows Blind SQL Injection. This issue affects Error…

Critical

CVE-2025-32603

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HK WP Online Users Stats wp-online-users-stats allows Blind SQL Injection. This issue affects WP O…

High

CVE-2025-32558

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ketanajani Duplicate Title Checker duplicate-title-checker allows Blind SQL Injection. This issue…

Critical

CVE-2025-31565

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lisandro Martinez WPSmartContracts wp-smart-contracts allows Blind SQL Injection. This issue affec…

2025-04-10
High

CVE-2025-32119

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CardGate CardGate Payments for WooCommerce cardgate allows Blind SQL Injection. This issue affects…

2025-04-09
High

CVE-2025-32677

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in solwininfotech WP Social Stream Designer social-stream-design allows Blind SQL Injection. This iss…

High

CVE-2025-32676

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Picture-Planet GmbH Verowa Connect verowa-connect allows Blind SQL Injection. This issue affects V…

High

CVE-2025-32547

Cross-Site Request Forgery (CSRF) vulnerability in gtlwpdev All push notification for WP all-push-notification allows Blind SQL Injection. This issue affects All push notification for WP: from n/a thr…

2025-04-04
High

CVE-2025-32124

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eleopard Behance Portfolio Manager portfolio-manager-powered-by-behance allows Blind SQL Injectio…

High

CVE-2025-32122

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix uListing ulisting allows Blind SQL Injection. This issue affects uListing: from n/a throu…

High

CVE-2025-32120

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in edanzer Easy Query – WP Query Builder easy-query allows Blind SQL Injection. This issue affects Ea…

Critical

CVE-2025-31403

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shiptrack Booking Calendar and Notification booking-calendar-and-notification allows Blind SQL In…

2025-04-03
Critical

CVE-2025-31911

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reputeinfosystems Social Share And Social Locker social-share-and-social-locker-arsocial allows B…

2025-04-01
High

CVE-2025-31564

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in aitool Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One ai-auto-tool a…

2025-03-31
High

CVE-2025-31542

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Blind SQL Injection. This issu…

2025-03-28
Critical

CVE-2025-22523

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in scheduler Schedule schedule allows Blind SQL Injection. This issue affects Schedule: from n/a thro…

High

CVE-2025-31466

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Falcon Solutions Duplicate Page and Post duplicate-post-and-page allows Blind SQL Injection. This…

2025-03-27
High

CVE-2025-30810

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smackcoders Inc., Lead Form Data Collection to CRM wp-leads-builder-any-crm allows Blind SQL Inje…

High

CVE-2025-30765

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPPOOL FlexStock stock-sync-with-google-sheet-for-woocommerce allows Blind SQL Injection. This iss…

2025-03-26
High

CVE-2025-28939

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in EuroCizia WP Google Calendar Manager wp-gcalendar allows Blind SQL Injection. This issue affects W…

High

CVE-2025-28873

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Scott Taylor Shuffle shuffle allows Blind SQL Injection. This issue affects Shuffle: from n/a thro…

2025-03-25
Critical

CVE-2025-28904

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shamalli Web Directory Free web-directory-free allows Blind SQL Injection. This issue affects Web…

2025-03-24
High

CVE-2025-30604

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in jiangqie JiangQie Official Website Mini Program jiangqie-official-website-mini-program allows Bli…

2025-03-15
High

CVE-2025-27281

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in cookforweb All In Menu all-in-menu allows Blind SQL Injection. This issue affects All In Menu: fro…

2025-03-14
High

CVE-2024-54447

Saved search functionality contains a blind SQL injection that can be exploited by authenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Ac…

High

CVE-2024-54446

Document history functionality contains a blind SQL injection that can be exploited by authenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents…

High

CVE-2024-54445

Login functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account…

High

CVE-2024-12245

Logout functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Accoun…

2025-03-07
Medium

CVE-2025-1768

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to blind SQL Injection via the 'search' parameter in all versions up to, and including, 12.4.05 due to insufficient escaping on the u…

2025-03-03
Critical

CVE-2025-26535

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CodeSolz Bitcoin / AltCoin Payment Gateway for WooCommerce woo-altcoin-payment-gateway allows Bli…

Critical

CVE-2025-25150

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix uListing ulisting allows Blind SQL Injection. This issue affects uListing: from n/a throu…

2025-02-25
Critical

CVE-2025-26974

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPExperts.io WP Multistore Locator wp-multi-store-locator allows Blind SQL Injection. This issue a…

High

CVE-2025-26971

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Poll Maker poll-maker allows Blind SQL Injection. This issue affects Poll Maker: from n/a…

High

CVE-2025-26946

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in jgwhite33 WP Yelp Review Slider wp-yelp-review-slider allows Blind SQL Injection. This issue affec…

Critical

CVE-2025-26943

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jürgen Müller Easy Quotes easy-quotes allows Blind SQL Injection. This issue affects Easy Quotes:…

2025-02-24
High

CVE-2025-27297

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in guelben Bravo Search & Replace bravo-search-and-replace allows Blind SQL Injection. This issue aff…

2025-02-19
High

CVE-2025-1135

A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the Ba…

High

CVE-2025-1134

A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the Don…

High

CVE-2025-1133

A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based blind SQL Injection vulnerability in the EditEventAttendees…

High

CVE-2025-1132

A time-based blind SQL Injection vulnerability exists in the ChurchCRM 5.13.0 and prior EditEventAttendees.php within the EN_tyid parameter. The parameter is directly inserted into an SQL query witho…