CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,731 vulnerabilities with CWE-89
CVE-2023-35915
HIGH
WooPayments < 5.9.0 - SQL Injection
CVSS 7.6
CVE-2023-33330
HIGH
WooCommerce AutomateWoo <4.9.50 - SQL Injection
CVSS 8.5
CVE-2023-33209
HIGH
CrawlSpider SEO Change Monitor - SQL Injection
CVSS 8.5
CVE-2023-32743
HIGH
WooCommerce AutomateWoo <= 5.7.1 - SQL Injection
CVSS 7.6
CVE-2023-32128
MEDIUM
Cryptocurrency Payment & Donation Box < 2.2.7 - SQL Injection
CVSS 5.5
CVE-2023-31092
MEDIUM
Foxskav Easy Bet <1.0.2 - SQL Injection
CVSS 5.5
CVE-2023-47852
HIGH
Link Whisper Free < 0.6.5 - SQL Injection
CVSS 8.5
CVE-2023-40010
CRITICAL
HUSKY - Products Filter for WooCommerce Professional <= 1.3.4.2 - SQL Injection
CVSS 9.3
CVE-2023-32590
CRITICAL
Subscribe to Category < 2.7.4 - SQL Injection
CVSS 9.3
CVE-2023-47236
HIGH
iPages Flipbook For WordPress <= 1.4.8 - SQL Injection
CVSS 7.6
CVE-2023-38519
HIGH
MainWP Dashboard - WordPress Manager <4.4.3.3 - SQL Injection
CVSS 7.6
CVE-2023-49764
HIGH
Advanced Database Cleaner < 3.1.2 - SQL Injection
CVSS 7.6
CVE-2023-49750
CRITICAL
Spoonthemes Couponis < 2.2 - SQL Injection
CVSS 9.3
CVE-2023-48764
HIGH
GuardGiant Brute Force Protection < 2.2.5 - SQL Injection
CVSS 7.6
CVE-2023-48741
HIGH
QuantumCloud AI ChatBot <4.7.8 - SQL Injection
CVSS 7.6
CVE-2023-48738
CRITICAL
Porto Theme <2.12.1 - SQL Injection
CVSS 9.3
CVE-2023-48327
HIGH
WC Vendors < 2.4.7 - SQL Injection
CVSS 7.6
CVE-2023-49736
MEDIUM
Apache Superset < 2.1.2, 3.0.0-3.0.1 - SQL Injection via JINJA where_in Macro
CVSS 6.5
CVE-2023-47558
HIGH
Who Hit The Page - Hit Counter <= 1.4.14.3 - SQL Injection
CVSS 7.6
CVE-2023-47530
HIGH
WPVibes Redirect 404 Error Page to Homepage or Custom Page with Logs <= 1.8.7 - SQL Injection
CVSS 7.6
CVE-2023-47506
HIGH
Master Slider Pro < 3.6.5 - Authenticated SQL Injection
CVSS 7.6
CVE-2023-34168
HIGH
Alex Raven WP Report Post <2.1.2 - SQL Injection
CVSS 7.6
CVE-2023-33331
HIGH
WooCommerce Product Vendors <2.1.76 - SQL Injection
CVSS 8.5
CVE-2023-6903
HIGH
Netentsec NS-ASG Application Security Gateway 6.3.1 - SQL Injection via loginId Parameter
CVSS 7.3
CVE-2023-6898
MEDIUM
Best Courier Management System 1.0 - SQL Injection via manage_user.php id Parameter
CVSS 5.5
Details
Vulnerabilities
19,731
Exploit Likelihood
High