Total: 18668 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-39510 | | | 2026-04-15 | N/A | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Pinterest Automatic Pin wp-pinterest-automatic allows SQL Injection. This issue affects Pinterest Automatic Pin: from n/a through < 4.19.0. | |||||
| CVE-2025-41005 | | | 2026-04-15 | N/A | N/A |
| Imaster's MEMS Events CRM contains an SQL injection vulnerability in the ‘keyword’ parameter in ‘/memsdemo/exchange_offers.php’. | |||||
| CVE-2021-47782 | | | 2026-04-15 | N/A | 8.2 HIGH |
| Odine Solutions GateKeeper 1.0 contains a SQL injection vulnerability in the trafficCycle API endpoint that allows remote attackers to inject malicious database queries. Attackers can exploit the vulnerability by sending crafted payloads to the /rass/api/v1/trafficCycle/ endpoint to manipulate PostgreSQL database queries and potentially extract sensitive information. | |||||
| CVE-2025-47490 | | | 2026-04-15 | N/A | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rustaurius Ultimate WP Mail ultimate-wp-mail allows SQL Injection. This issue affects Ultimate WP Mail: from n/a through <= 1.3.4. | |||||
| CVE-2025-32685 | | | 2026-04-15 | N/A | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aristo Rinjuang WP Inquiries wp-inquiries allows SQL Injection. This issue affects WP Inquiries: from n/a through <= 0.2.1. | |||||
| CVE-2024-34988 | | | 2026-04-15 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in the module "Complete for Create a Quote in Frontend + Backend Pro" (askforaquotemodul) <= 1.0.51 from Buy Addons for PrestaShop allows attackers to view sensitive information and cause other impacts via methods `AskforaquotemodulcustomernewquoteModuleFrontController::run()`, `AskforaquotemoduladdproductnewquoteModuleFrontController::run()`, `AskforaquotemodulCouponcodeModuleFrontController::run()`, `AskforaquotemodulgetshippingcostModuleFrontController::run()`, `AskforaquotemodulgetstateModuleFrontController::run()`. | |||||
| CVE-2025-40628 | | | 2026-04-15 | N/A | N/A |
| SQL injection vulnerability in DomainsPRO 1.2. This vulnerability could allow an attacker to retrieve, create, update and delete databases via the “d” parameter in the “/article.php” endpoint. | |||||
| CVE-2025-3470 | | | 2026-04-15 | N/A | 4.9 MEDIUM |
| The TS Poll – Survey, Versus Poll, Image Poll, Video Poll plugin for WordPress is vulnerable to SQL Injection via the s parameter in all versions up to, and including, 2.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2024-5311 | | | 2026-04-15 | N/A | 9.8 CRITICAL |
| DigiWin EasyFlow .NET lacks validation for certain input parameters. An unauthenticated remote attacker can inject arbitrary SQL commands to read, modify, and delete database records. | |||||
| CVE-2025-32681 | | | 2026-04-15 | N/A | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Guru Error Log Viewer error-log-viewer-wp allows Blind SQL Injection. This issue affects Error Log Viewer: from n/a through <= 1.0.5. | |||||
| CVE-2025-11972 | | | 2026-04-15 | N/A | 4.9 MEDIUM |
| The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to SQL Injection via the 'post_types' parameter in all versions up to, and including, 3.40.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Editor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2025-39504 | | | 2026-04-15 | N/A | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GoodLayers Goodlayers Hotel gdlr-hotel allows Blind SQL Injection. This issue affects Goodlayers Hotel: from n/a through <= 3.1.4. | |||||
| CVE-2025-46455 | | | 2026-04-15 | N/A | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IndigoThemes WP HRM LITE wp-hrm-lite-human-resource-management-system allows SQL Injection. This issue affects WP HRM LITE: from n/a through <= 1.1. | |||||
| CVE-2024-54820 | | | 2026-04-15 | N/A | 9.8 CRITICAL |
| XOne Web Monitor v02.10.2024.530 framework 1.0.4.9 was discovered to contain a SQL injection vulnerability in the login page. This vulnerability allows attackers to extract all usernames and passwords via a crafted input. | |||||
| CVE-2025-11691 | | | 2026-04-15 | N/A | 7.5 HIGH |
| The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the PPOM_Meta::get_fields_by_id() function in all versions up to, and including, 33.0.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This is only exploitable when the Enable Legacy Price Calculations setting is enabled. | |||||
| CVE-2024-12416 | | | 2026-04-15 | N/A | 7.5 HIGH |
| The Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress is vulnerable to SQL Injection via the 'woomotiv_seen_products_.*' cookie in all versions up to, and including, 3.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2025-52832 | | | 2026-04-15 | N/A | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpo-HR NGG Smart Image Search ngg-smart-image-search allows SQL Injection. This issue affects NGG Smart Image Search: from n/a through <= 3.4.1. | |||||
| CVE-2025-31024 | | | 2026-04-15 | N/A | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in randyjensen RJ Quickcharts rj-quickcharts allows SQL Injection. This issue affects RJ Quickcharts: from n/a through <= 0.6.1. | |||||
| CVE-2025-32125 | | | 2026-04-15 | N/A | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in silvasoft Silvasoft boekhouden silvasoft-boekhouden allows SQL Injection. This issue affects Silvasoft boekhouden: from n/a through <= 3.0.6. | |||||
| CVE-2024-58290 | | | 2026-04-15 | N/A | N/A |
| Xhibiter NFT Marketplace 1.10.2 contains a SQL injection vulnerability in the collections endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or manipulate database information by sending crafted payloads to the collections page. | |||||
