CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,636 vulnerabilities with CWE-89
CVE-2025-30921 HIGH
Tribulant Software Newsletters <4.9.9.7 - SQL Injection
CVSS 7.6
CVE-2025-30879 HIGH
moreconvert MC Woocommerce Wishlist <1.8.9 - SQL Injection
CVSS 7.6
CVE-2025-30843 HIGH
setriosoft bizcalendar-web <1.1.0.34 - SQL Injection
CVSS 7.6
CVE-2025-30819 HIGH
Igor Benic Simple Giveaways <2.48.1 - SQL Injection
CVSS 8.5
CVE-2025-30810 HIGH
Smackcoders Lead Form Data Collection to CRM <3.0.1 - SQL Injection
CVSS 8.5
CVE-2025-30806 HIGH
Vimeotheque <2.3.4.2 - SQL Injection
CVSS 8.5
CVE-2025-30791 HIGH
wpdever Cart tracking <1.0.16 - SQL Injection
CVSS 7.6
CVE-2025-30784 HIGH
WP Shuffle WP Subscription Forms <1.2.3 - SQL Injection
CVSS 8.5
CVE-2025-30775 HIGH
WPGuppy <= 1.1.3 - SQL Injection
CVSS 8.5
CVE-2025-30765 HIGH
WPPOOL FlexStock <3.13.1 - SQL Injection
CVSS 7.6
CVE-2025-2831 MEDIUM
mingyuefusu tushuguanlixitong up to d4836f6 SQL Injection via Book List Parameter
CVSS 6.3
CVE-2025-30217 HIGH
Frappe <14.93.2, 15.55.0 - SQL Injection
CVSS 7.5
CVE-2025-30524 CRITICAL
origincode Product Catalog <1.0.4 - SQL Injection
CVSS 9.3
CVE-2025-28942 CRITICAL
Trust Payments Gateway for WooCommerce <1.1.4 - SQL Injection
CVSS 9.3
CVE-2025-28939 HIGH
NotFound WP Google Calendar Manager <2.1 - SQL Injection
CVSS 8.5
CVE-2025-28898 CRITICAL
NotFound WP Multistore Locator <2.5.2 - SQL Injection
CVSS 9.3
CVE-2025-28873 HIGH
NotFound Shuffle <0.5 - SQL Injection
CVSS 8.5
CVE-2025-26941 CRITICAL
Andy Moyle Church Admin <5.0.18 - SQL Injection
CVSS 9.3
CVE-2025-28904 CRITICAL
Shamalli Web Directory Free <1.7.6 - SQL Injection
CVSS 9.3
CVE-2025-30212 HIGH
Frappe Framework <14.89.0, <15.51.0 - SQL Injection
CVSS 7.5
CVE-2025-2740 HIGH
PHPGurukul Old Age Home Management System 1.0 - SQL Injection via pagetitle Parameter
CVSS 7.3
CVE-2025-2739 HIGH
PHPGurukul Old Age Home Management System 1.0 - SQL Injection via sertitle Parameter
CVSS 7.3
CVE-2025-2738 HIGH
PHPGurukul Old Age Home Management System 1.0 - SQL Injection via namesc Parameter
CVSS 7.3
CVE-2025-2737 HIGH
PHPGurukul Old Age Home Management System 1.0 - SQL Injection via Contactus Pagetitle Parameter
CVSS 7.3
CVE-2025-2736 HIGH
PHPGurukul Old Age Home Management System 1.0 - SQL Injection via fromdate Parameter
CVSS 7.3