CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,395 vulnerabilities with CWE-89
CVE-2026-52700
HIGH
WordPress WCMultiShipping plugin <= 3.0.2 - SQL Injection vulnerability
CVSS 8.5
CVE-2026-52697
HIGH
WordPress Taskbuilder plugin <= 5.0.7 - SQL Injection vulnerability
CVSS 8.5
CVE-2026-52693
CRITICAL
WordPress eCommerce Product Catalog plugin <= 3.5.5 - SQL Injection vulnerability
CVSS 9.3
CVE-2026-49776
CRITICAL
WordPress GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin <= 2.32.6 - SQL Injection vulnerability
CVSS 9.3
CVE-2026-49067
CRITICAL
WordPress Advanced 301 and 302 Redirect plugin <= 1.6.9 - SQL Injection vulnerability
CVSS 9.3
CVE-2026-48964
HIGH
WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.6 - SQL Injection vulnerability
CVSS 8.5
CVE-2026-48886
CRITICAL
WordPress JS Help Desk plugin <= 3.0.9 - SQL Injection vulnerability
CVSS 9.3
CVE-2026-48882
HIGH
WordPress WP Time Slots Booking Form plugin <= 1.2.50 - SQL Injection vulnerability
CVSS 8.5
CVE-2026-48874
HIGH
WordPress GamiPress plugin <= 7.8.7 - SQL Injection vulnerability
CVSS 8.5
CVE-2026-45439
CRITICAL
WordPress Realtyna Organic IDX plugin plugin <= 5.1.0 - SQL Injection vulnerability
CVSS 9.3
CVE-2026-42665
CRITICAL
WordPress WP Data Access plugin <= 5.5.70 - SQL Injection vulnerability
CVSS 9.3
CVE-2026-42639
CRITICAL
WordPress GD Rating System plugin <= 3.6.2 - SQL Injection vulnerability
CVSS 9.3
CVE-2026-42386
CRITICAL
WordPress Order Delivery Date for WooCommerce plugin <= 4.5.1 - SQL Injection vulnerability
CVSS 9.3
CVE-2026-42381
CRITICAL
WordPress Funnel Builder by FunnelKit plugin <= 3.15.0.1 - SQL Injection vulnerability
CVSS 9.3
CVE-2026-40798
CRITICAL
WordPress wpForo Forum plugin <= 3.0.4 - SQL Injection vulnerability
CVSS 9.3
CVE-2026-40771
CRITICAL
WordPress Contest Gallery plugin <= 28.1.6 - SQL Injection vulnerability
CVSS 9.3
CVE-2026-40766
HIGH
WordPress MasterStudy LMS plugin <= 3.7.25 - SQL Injection vulnerability
CVSS 8.5
CVE-2026-40762
HIGH
WordPress WPGraphQL plugin < 2.11.1 - SQL Injection vulnerability
CVSS 7.5
CVE-2026-39530
CRITICAL
WordPress SpeakOut! Email Petitions plugin <= 4.6.5 - SQL Injection vulnerability
CVSS 9.3
CVE-2026-39519
CRITICAL
WordPress GeekyBot plugin <= 1.2.0 - SQL Injection vulnerability
CVSS 9.3
CVE-2026-39512
CRITICAL
WordPress GeoDirectory plugin <= 2.8.152 - SQL Injection vulnerability
CVSS 9.3
CVE-2026-39511
CRITICAL
WordPress WP Photo Album Plus plugin <= 9.1.08.001 - SQL Injection vulnerability
CVSS 9.3
CVE-2026-39502
CRITICAL
WordPress Form Maker by 10Web plugin <= 1.15.38 - SQL Injection vulnerability
CVSS 9.3
CVE-2026-39493
CRITICAL
WordPress Simply Schedule Appointments plugin <= 1.6.9.27 - SQL Injection vulnerability
CVSS 9.3
CVE-2026-39492
CRITICAL
WordPress WP Maps plugin <= 4.9.1 - SQL Injection vulnerability
CVSS 9.3
Details
Vulnerabilities: 19,395
Exploit Likelihood: High