CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,634 vulnerabilities with CWE-89
CVE-2025-32993
MEDIUM
Vision Helpdesk <5.7.0 - SQL Injection
CVSS 6.5
CVE-2025-3470
MEDIUM
TS Poll - Survey, Versus Poll, Image Poll, Video Poll <2.4.6 - SQL ...
CVSS 4.9
CVE-2025-3589
MEDIUM
SourceCodester Music Class Enrollment System 1.0 - SQL Injection via manage_class.php ID Parameter
CVSS 6.3
CVE-2025-22371
CRITICAL
SicommNet BASEC - Unauthenticated SQL Injection via Login Page
CVE-2025-3571
MEDIUM
Fannuo Enterprise Content Management System 1.1/4.0 - SQL Injection
CVSS 6.3
CVE-2025-3559
MEDIUM
ghostxbh uzy-ssm-mall 1.0.0 - SQL Injection via ForeProductListController orderBy Parameter
CVSS 6.3
CVE-2025-3553
MEDIUM
phpshe 1.8 - SQL Injection via brand_id[] Parameter in admin.php
CVSS 6.3
CVE-2025-3534
MEDIUM
PowerCreator CMS 1.0 - SQL Injection
CVSS 6.3
CVE-2025-2128
MEDIUM
WordPress Cost Calculator Builder <3.2.67 - SQL Injection
CVSS 6.5
CVE-2025-32681
HIGH
WP Guru Error Log Viewer <1.0.5 - SQL Injection
CVSS 8.5
CVE-2025-32650
HIGH
Accessibility Suite by Online ADA <4.18 - SQL Injection
CVSS 8.5
CVE-2025-32618
HIGH
PickPlugins Wishlist <1.0.43 - SQL Injection
CVSS 8.5
CVE-2025-32603
CRITICAL
HK WP Online Users Stats <1.0.0 - SQL Injection
CVSS 9.3
CVE-2025-32567
HIGH
dev02ali Easy Post Duplicator <1.0.1 - SQL Injection
CVSS 8.5
CVE-2025-32565
CRITICAL
Neon Product Designer <2.1.1 - SQL Injection
CVSS 9.3
CVE-2025-32558
HIGH
Duplicate Title Checker <1.2 - SQL Injection
CVSS 8.5
CVE-2025-31599
CRITICAL
N-Media Bulk Product Sync <8.6 - SQL Injection
CVSS 9.3
CVE-2025-31565
CRITICAL
WPSmartContracts <2.0.10 - SQL Injection
CVSS 9.3
CVE-2025-32687
HIGH
Magnigenie Review Stars Count For WooCommerce <2.0 - SQL Injection
CVSS 8.5
CVE-2025-32128
HIGH
aaronfrey Nearby Locations <1.1.1 - SQL Injection
CVSS 7.6
CVE-2025-32119
HIGH
CardGate Payments for WooCommerce <3.2.1 - SQL Injection
CVSS 8.2
CVE-2025-32685
HIGH
Aristo Rinjuang WP Inquiries <0.2.1 - SQL Injection
CVSS 7.6
CVE-2025-32677
HIGH
WP Social Stream Designer <1.3 - SQL Injection
CVSS 7.6
CVE-2025-32676
HIGH
Verowa Connect <3.0.5 - SQL Injection
CVSS 7.6
CVE-2025-32550
HIGH
Click&pledge Connect Plugin <WP6.6.1 - SQL Injection
CVSS 7.2
Details
Vulnerabilities: 19,634
Exploit Likelihood: High