CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,636 vulnerabilities with CWE-89
CVE-2025-30921
HIGH
Tribulant Software Newsletters <4.9.9.7 - SQL Injection
CVSS 7.6
CVE-2025-30879
HIGH
moreconvert MC Woocommerce Wishlist <1.8.9 - SQL Injection
CVSS 7.6
CVE-2025-30843
HIGH
setriosoft bizcalendar-web <1.1.0.34 - SQL Injection
CVSS 7.6
CVE-2025-30819
HIGH
Igor Benic Simple Giveaways <2.48.1 - SQL Injection
CVSS 8.5
CVE-2025-30810
HIGH
Smackcoders Lead Form Data Collection to CRM <3.0.1 - SQL Injection
CVSS 8.5
CVE-2025-30806
HIGH
Vimeotheque <2.3.4.2 - SQL Injection
CVSS 8.5
CVE-2025-30791
HIGH
wpdever Cart tracking <1.0.16 - SQL Injection
CVSS 7.6
CVE-2025-30784
HIGH
WP Shuffle WP Subscription Forms <1.2.3 - SQL Injection
CVSS 8.5
CVE-2025-30775
HIGH
WPGuppy <= 1.1.3 - SQL Injection
CVSS 8.5
CVE-2025-30765
HIGH
WPPOOL FlexStock <3.13.1 - SQL Injection
CVSS 7.6
CVE-2025-2831
MEDIUM
mingyuefusu tushuguanlixitong up to d4836f6 SQL Injection via Book List Parameter
CVSS 6.3
CVE-2025-30217
HIGH
Frappe <14.93.2, 15.55.0 - SQL Injection
CVSS 7.5
CVE-2025-30524
CRITICAL
origincode Product Catalog <1.0.4 - SQL Injection
CVSS 9.3
CVE-2025-28942
CRITICAL
Trust Payments Gateway for WooCommerce <1.1.4 - SQL Injection
CVSS 9.3
CVE-2025-28939
HIGH
NotFound WP Google Calendar Manager <2.1 - SQL Injection
CVSS 8.5
CVE-2025-28898
CRITICAL
NotFound WP Multistore Locator <2.5.2 - SQL Injection
CVSS 9.3
CVE-2025-28873
HIGH
NotFound Shuffle <0.5 - SQL Injection
CVSS 8.5
CVE-2025-26941
CRITICAL
Andy Moyle Church Admin <5.0.18 - SQL Injection
CVSS 9.3
CVE-2025-28904
CRITICAL
Shamalli Web Directory Free <1.7.6 - SQL Injection
CVSS 9.3
CVE-2025-30212
HIGH
Frappe Framework <14.89.0, <15.51.0 - SQL Injection
CVSS 7.5
CVE-2025-2740
HIGH
PHPGurukul Old Age Home Management System 1.0 - SQL Injection via pagetitle Parameter
CVSS 7.3
CVE-2025-2739
HIGH
PHPGurukul Old Age Home Management System 1.0 - SQL Injection via sertitle Parameter
CVSS 7.3
CVE-2025-2738
HIGH
PHPGurukul Old Age Home Management System 1.0 - SQL Injection via namesc Parameter
CVSS 7.3
CVE-2025-2737
HIGH
PHPGurukul Old Age Home Management System 1.0 - SQL Injection via Contactus Pagetitle Parameter
CVSS 7.3
CVE-2025-2736
HIGH
PHPGurukul Old Age Home Management System 1.0 - SQL Injection via fromdate Parameter
CVSS 7.3
Details
Vulnerabilities
19,636
Exploit Likelihood
High