Vulnerabilities (CVE)

Filtered by CWE-89
Total 19556 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-49421 2026-06-17 N/A 7.6 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Andrei Filonov WP Text Expander wp-text-expander allows SQL Injection.This issue affects WP Text Expander: from n/a through <= 1.0.1.
CVE-2025-49404 2026-06-17 N/A 8.5 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in purethemes Listeo Core listeo-core allows SQL Injection.This issue affects Listeo Core: from n/a through < 2.0.7.
CVE-2025-49402 2026-06-17 N/A 8.5 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in scriptsbundle Exertio Framework exertio-framework allows Blind SQL Injection.This issue affects Exertio Framework: from n/a through <= 1.3.3.
CVE-2025-49378 2026-06-17 N/A 8.5 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Hydra Booking hydra-booking allows SQL Injection.This issue affects Hydra Booking: from n/a through <= 1.1.10.
CVE-2025-49328 2026-06-17 N/A 7.6 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agile Logix Store Locator WordPress agile-store-locator allows SQL Injection.This issue affects Store Locator WordPress: from n/a through <= 1.5.1.
CVE-2025-49327 2026-06-17 N/A 7.6 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ruben Garcia ShortLinks Pro shortlinkspro allows SQL Injection.This issue affects ShortLinks Pro: from n/a through <= 1.0.7.
CVE-2025-49326 2026-06-17 N/A 7.6 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ruben Garcia GamiPress gamipress allows SQL Injection.This issue affects GamiPress: from n/a through <= 7.4.5.
CVE-2025-49323 2026-06-17 N/A 8.5 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Hydra Booking hydra-booking allows SQL Injection.This issue affects Hydra Booking: from n/a through <= 1.1.10.
CVE-2025-49315 2026-06-17 N/A 7.6 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PersianScript Persian Woocommerce SMS persian-woocommerce-sms allows SQL Injection.This issue affects Persian Woocommerce SMS: from n/a through <= 7.0.10.
CVE-2025-49267 2026-06-17 N/A 8.5 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shabti Kaplan Frontend Admin by DynamiApps acf-frontend-form-element allows Blind SQL Injection.This issue affects Frontend Admin by DynamiApps: from n/a through <= 3.28.3.
CVE-2025-49263 2026-06-17 N/A 7.6 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WCVendors WC Vendors Marketplace wc-vendors allows Blind SQL Injection.This issue affects WC Vendors Marketplace: from n/a through <= 2.5.6.
CVE-2025-49218 2 Microsoft, Trendmicro 2 Windows, Trend Micro Endpoint Encryption 2026-06-17 N/A 7.7 HIGH
A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. This is similar to, but not identical to CVE-2025-49215. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.
CVE-2025-49215 2 Microsoft, Trendmicro 2 Windows, Trend Micro Endpoint Encryption 2026-06-17 N/A 8.8 HIGH
A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.
CVE-2025-49211 2 Microsoft, Trendmicro 2 Windows, Trend Micro Endpoint Encryption 2026-06-17 N/A 7.7 HIGH
A SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.
CVE-2025-49059 2026-06-17 N/A 9.3 CRITICAL
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CleverReach® CleverReach® WP cleverreach-wp allows SQL Injection.This issue affects CleverReach® WP: from n/a through <= 1.5.20.
CVE-2025-49055 2026-06-17 N/A 9.3 CRITICAL
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through <= 2.5.
CVE-2025-49050 2026-06-17 N/A 8.5 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through <= 2.5.
CVE-2025-49049 2026-06-17 N/A 8.5 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ZoomIt DZS Video Gallery dzs-videogallery allows SQL Injection.This issue affects DZS Video Gallery: from n/a through <= 12.39.
CVE-2025-49034 2026-06-17 N/A 7.6 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aman Funnel Builder by FunnelKit funnel-builder allows SQL Injection.This issue affects Funnel Builder by FunnelKit: from n/a through <= 3.10.2.
CVE-2025-49033 2026-06-17 N/A 8.5 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Blind SQL Injection.This issue affects ProfileGrid : from n/a through <= 5.9.5.3.