CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,634 vulnerabilities with CWE-89
CVE-2025-32993 MEDIUM
Vision Helpdesk <5.7.0 - SQL Injection
CVSS 6.5
CVE-2025-3470 MEDIUM
TS Poll - Survey, Versus Poll, Image Poll, Video Poll <2.4.6 - SQL ...
CVSS 4.9
CVE-2025-3589 MEDIUM
SourceCodester Music Class Enrollment System 1.0 - SQL Injection via manage_class.php ID Parameter
CVSS 6.3
CVE-2025-22371 CRITICAL
SicommNet BASEC - Unauthenticated SQL Injection via Login Page
CVE-2025-3571 MEDIUM
Fannuo Enterprise Content Management System 1.1/4.0 - SQL Injection
CVSS 6.3
CVE-2025-3559 MEDIUM
ghostxbh uzy-ssm-mall 1.0.0 - SQL Injection via ForeProductListController orderBy Parameter
CVSS 6.3
CVE-2025-3553 MEDIUM
phpshe 1.8 - SQL Injection via brand_id[] Parameter in admin.php
CVSS 6.3
CVE-2025-3534 MEDIUM
PowerCreator CMS 1.0 - SQL Injection
CVSS 6.3
CVE-2025-2128 MEDIUM
WordPress Cost Calculator Builder <3.2.67 - SQL Injection
CVSS 6.5
CVE-2025-32681 HIGH
WP Guru Error Log Viewer <1.0.5 - SQL Injection
CVSS 8.5
CVE-2025-32650 HIGH
Accessibility Suite by Online ADA <4.18 - SQL Injection
CVSS 8.5
CVE-2025-32618 HIGH
PickPlugins Wishlist <1.0.43 - SQL Injection
CVSS 8.5
CVE-2025-32603 CRITICAL
HK WP Online Users Stats <1.0.0 - SQL Injection
CVSS 9.3
CVE-2025-32567 HIGH
dev02ali Easy Post Duplicator <1.0.1 - SQL Injection
CVSS 8.5
CVE-2025-32565 CRITICAL
Neon Product Designer <2.1.1 - SQL Injection
CVSS 9.3
CVE-2025-32558 HIGH
Duplicate Title Checker <1.2 - SQL Injection
CVSS 8.5
CVE-2025-31599 CRITICAL
N-Media Bulk Product Sync <8.6 - SQL Injection
CVSS 9.3
CVE-2025-31565 CRITICAL
WPSmartContracts <2.0.10 - SQL Injection
CVSS 9.3
CVE-2025-32687 HIGH
Magnigenie Review Stars Count For WooCommerce <2.0 - SQL Injection
CVSS 8.5
CVE-2025-32128 HIGH
aaronfrey Nearby Locations <1.1.1 - SQL Injection
CVSS 7.6
CVE-2025-32119 HIGH
CardGate Payments for WooCommerce <3.2.1 - SQL Injection
CVSS 8.2
CVE-2025-32685 HIGH
Aristo Rinjuang WP Inquiries <0.2.1 - SQL Injection
CVSS 7.6
CVE-2025-32677 HIGH
WP Social Stream Designer <1.3 - SQL Injection
CVSS 7.6
CVE-2025-32676 HIGH
Verowa Connect <3.0.5 - SQL Injection
CVSS 7.6
CVE-2025-32550 HIGH
Click&pledge Connect Plugin <WP6.6.1 - SQL Injection
CVSS 7.2