CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,731 vulnerabilities with CWE-89
CVE-2023-35915 HIGH
WooPayments < 5.9.0 - SQL Injection
CVSS 7.6
CVE-2023-33330 HIGH
WooCommerce AutomateWoo <4.9.50 - SQL Injection
CVSS 8.5
CVE-2023-33209 HIGH
CrawlSpider SEO Change Monitor - SQL Injection
CVSS 8.5
CVE-2023-32743 HIGH
WooCommerce AutomateWoo <= 5.7.1 - SQL Injection
CVSS 7.6
CVE-2023-32128 MEDIUM
Cryptocurrency Payment & Donation Box < 2.2.7 - SQL Injection
CVSS 5.5
CVE-2023-31092 MEDIUM
Foxskav Easy Bet <1.0.2 - SQL Injection
CVSS 5.5
CVE-2023-47852 HIGH
Link Whisper Free < 0.6.5 - SQL Injection
CVSS 8.5
CVE-2023-40010 CRITICAL
HUSKY - Products Filter for WooCommerce Professional <= 1.3.4.2 - SQL Injection
CVSS 9.3
CVE-2023-32590 CRITICAL
Subscribe to Category < 2.7.4 - SQL Injection
CVSS 9.3
CVE-2023-47236 HIGH
iPages Flipbook For WordPress <= 1.4.8 - SQL Injection
CVSS 7.6
CVE-2023-38519 HIGH
MainWP Dashboard - WordPress Manager <4.4.3.3 - SQL Injection
CVSS 7.6
CVE-2023-49764 HIGH
Advanced Database Cleaner < 3.1.2 - SQL Injection
CVSS 7.6
CVE-2023-49750 CRITICAL
Spoonthemes Couponis < 2.2 - SQL Injection
CVSS 9.3
CVE-2023-48764 HIGH
GuardGiant Brute Force Protection < 2.2.5 - SQL Injection
CVSS 7.6
CVE-2023-48741 HIGH
QuantumCloud AI ChatBot <4.7.8 - SQL Injection
CVSS 7.6
CVE-2023-48738 CRITICAL
Porto Theme <2.12.1 - SQL Injection
CVSS 9.3
CVE-2023-48327 HIGH
WC Vendors < 2.4.7 - SQL Injection
CVSS 7.6
CVE-2023-49736 MEDIUM
Apache Superset < 2.1.2, 3.0.0-3.0.1 - SQL Injection via JINJA where_in Macro
CVSS 6.5
CVE-2023-47558 HIGH
Who Hit The Page - Hit Counter <= 1.4.14.3 - SQL Injection
CVSS 7.6
CVE-2023-47530 HIGH
WPVibes Redirect 404 Error Page to Homepage or Custom Page with Logs <= 1.8.7 - SQL Injection
CVSS 7.6
CVE-2023-47506 HIGH
Master Slider Pro < 3.6.5 - Authenticated SQL Injection
CVSS 7.6
CVE-2023-34168 HIGH
Alex Raven WP Report Post <2.1.2 - SQL Injection
CVSS 7.6
CVE-2023-33331 HIGH
WooCommerce Product Vendors <2.1.76 - SQL Injection
CVSS 8.5
CVE-2023-6903 HIGH
Netentsec NS-ASG Application Security Gateway 6.3.1 - SQL Injection via loginId Parameter
CVSS 7.3
CVE-2023-6898 MEDIUM
Best Courier Management System 1.0 - SQL Injection via manage_user.php id Parameter
CVSS 5.5
Details
Vulnerabilities 19,731
Exploit Likelihood High