Vulnerabilities (CVE)

Filtered by CWE-89
Total 19556 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-48118 2026-06-17 N/A 8.5 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpExperts Hub Woocommerce Partial Shipment wc-partial-shipment allows SQL Injection.This issue affects Woocommerce Partial Shipment: from n/a through <= 3.2.
CVE-2025-48091 2026-06-17 N/A 8.5 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alexander AnyComment anycomment allows SQL Injection.This issue affects AnyComment: from n/a through <= 0.3.6.
CVE-2025-48089 2026-06-17 N/A 9.3 CRITICAL
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rainbow-Themes Education WordPress Theme | HiStudy histudy allows SQL Injection.This issue affects Education WordPress Theme | HiStudy: from n/a through < 3.1.0.
CVE-2025-47954 1 Microsoft 1 Sql Server 2022 2026-06-17 N/A 8.8 HIGH
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2025-47902 1 Microchip 2 Timeprovider 4100, Timeprovider 4100 Firmware 2026-06-17 N/A 8.8 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip Time Provider 4100 allows SQL Injection.This issue affects Time Provider 4100: before 2.5.
CVE-2025-47785 1 Emlog 1 Emlog 2026-06-17 N/A 8.3 HIGH
Emlog is an open source website building system. In versions up to and including 2.5.9, SQL injection occurs because the $origContent parameter in admin/article_save.php is not strictly filtered. Since admin/article_save.php can be accessed by ordinary registered users, this will cause SQL injection to occur when the registered site is enabled, resulting in the injection of the admin account and password, which is then exploited by the backend remote code execution. As of time of publication, it is unknown whether a fix exists.
CVE-2025-47682 1 Cozyvision 1 Sms Alert Order Notifications 2026-06-17 N/A 9.3 CRITICAL
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows SQL Injection.This issue affects SMS Alert Order Notifications: from n/a through <= 3.8.1.
CVE-2025-47671 2026-06-17 N/A 7.6 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LETSCMS MLM Software Binary MLM Plan binary-mlm-plan allows SQL Injection.This issue affects Binary MLM Plan: from n/a through <= 3.0.
CVE-2025-47657 2026-06-17 N/A 9.3 CRITICAL
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Productive Minds Productive Commerce productive-commerce allows SQL Injection.This issue affects Productive Commerce: from n/a through <= 1.1.40.
CVE-2025-47651 2026-06-17 N/A 8.5 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infility Infility Global infility-global allows SQL Injection.This issue affects Infility Global: from n/a through <= 2.15.06.
CVE-2025-47645 2026-06-17 N/A 8.5 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ELEXtensions ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes elex-bulk-edit-products-prices-attributes-for-woocommerce-basic allows SQL Injection.This issue affects ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes: from n/a through <= 1.4.9.
CVE-2025-47643 2026-06-17 N/A 7.6 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ELEXtensions ELEX Product Feed for WooCommerce allows SQL Injection. This issue affects ELEX Product Feed for WooCommerce: from n/a through 3.1.2.
CVE-2025-47640 2026-06-17 N/A 9.3 CRITICAL
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce printcart-integration allows SQL Injection.This issue affects Printcart Web to Print Product Designer for WooCommerce: from n/a through <= 2.4.0.
CVE-2025-47608 2026-06-17 N/A 9.3 CRITICAL
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in sonalsinha21 Recover abandoned cart for WooCommerce recover-wc-abandoned-cart allows SQL Injection.This issue affects Recover abandoned cart for WooCommerce: from n/a through <= 2.5.
CVE-2025-47599 2026-06-17 N/A 9.3 CRITICAL
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in facturante Facturante facturante allows SQL Injection.This issue affects Facturante: from n/a through <= 1.11.
CVE-2025-47587 2026-06-17 N/A 7.6 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YaySMTP yaysmtp allows Blind SQL Injection.This issue affects YaySMTP: from n/a through <= 2.6.4.
CVE-2025-47575 2026-06-17 N/A 8.5 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla School Management allows SQL Injection. This issue affects School Management: from n/a through 92.0.0.
CVE-2025-47573 2026-06-17 N/A 9.3 CRITICAL
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla School Management allows Blind SQL Injection. This issue affects School Management: from n/a through 92.0.0.
CVE-2025-47569 2026-06-17 N/A 9.3 CRITICAL
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPSwings WooCommerce Ultimate Gift Card woocommerce-ultimate-gift-card allows Blind SQL Injection.This issue affects WooCommerce Ultimate Gift Card: from n/a through <= 2.9.6.
CVE-2025-47567 2026-06-17 N/A 7.6 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Video Player & FullScreen Video Background universal-video-player-and-bg allows Blind SQL Injection.This issue affects Video Player & FullScreen Video Background: from n/a through <= 2.4.1.