CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,735 vulnerabilities with CWE-89
CVE-2023-33927 HIGH
Themeisle Multiple Page Generator Plugin - SQL Injection
CVSS 7.6
CVE-2023-31212 HIGH
CRM Perks Database for Contact Form 7, WPforms, Elementor forms < 1.3.0 - Authenticated SQL Injection
CVSS 8.5
CVE-2023-24410 MEDIUM
Contact Form - WPManageNinja LLC <4.3.25 - SQL Injection
CVSS 5.5
CVE-2023-28777 HIGH
LearnDash LMS <4.5.3 - SQL Injection
CVSS 8.5
CVE-2023-25047 MEDIUM
RSVPMaker < 9.9.3 - SQL Injection
CVSS 5.5
CVE-2023-25045 MEDIUM
RSVPMaker < 9.9.3 - SQL Injection
CVSS 6.7
CVE-2023-24000 HIGH
GamiPress < 2.5.7 - Unauthenticated SQL Injection
CVSS 8.2
CVE-2023-5464 HIGH
gopiplus jquery_accordion_slideshow <= 8.1 - Authenticated SQL Injection via Shortcode Parameter
CVSS 8.8
CVE-2023-5439 HIGH
Wp photo text slider 50 <= 8.0 - Authenticated SQL Injection via Shortcode Parameter
CVSS 8.8
CVE-2023-5438 HIGH
WP Image Slideshow <= 12.0 - Authenticated SQL Injection via Shortcode Parameter
CVSS 8.8
CVE-2023-5437 HIGH
WP fade in text news <= 12.0 - Authenticated SQL Injection via Shortcode Parameter
CVSS 8.8
CVE-2023-5436 HIGH
Vertical marquee plugin <= 7.1 - Authenticated SQL Injection via Shortcode Parameter
CVSS 8.8
CVE-2023-5435 HIGH
Up down image slideshow gallery <= 12.0 - Authenticated SQL Injection via Shortcode Parameter
CVSS 8.8
CVE-2023-5434 HIGH
Superb slideshow gallery < 13.1 - Authenticated SQL Injection via Shortcode Parameter
CVSS 8.8
CVE-2023-5433 HIGH
Message ticker < 9.2 - Authenticated SQL Injection via Shortcode Parameter
CVSS 8.8
CVE-2023-5431 HIGH
Left right image slideshow gallery <= 12.0 - Authenticated SQL Injection via Shortcode Parameter
CVSS 8.8
CVE-2023-5430 HIGH
Jquery news ticker < 3.1 - Authenticated SQL Injection via Shortcode Parameter
CVSS 8.8
CVE-2023-5429 HIGH
Information Reel <= 10.0 - Authenticated SQL Injection via Shortcode Parameter
CVSS 8.8
CVE-2023-5428 HIGH
Image vertical reel scroll slideshow < 9.1 - Authenticated SQL Injection via Shortcode Parameter
CVSS 8.8
CVE-2023-5412 HIGH
Image horizontal reel scroll slideshow < 13.3 - Authenticated SQL Injection via Shortcode Parameter
CVSS 8.8
CVE-2023-45996 HIGH
Senayan Library Management Systems <9-9.6.1 - SQL Injection
CVSS 8.8
CVE-2023-36263 CRITICAL
Prestashop opartlimitquantity <1.4.5 - SQL Injection
CVSS 9.8
CVE-2023-46356 CRITICAL
Bl Modules for PrestaShop <2.6.1 - SQL Injection
CVSS 9.8
CVE-2023-45378 CRITICAL
PrestaBlog < 4.4.8 - Unauthenticated SQL Injection via ajax slider_positions.php
CVSS 9.8
CVE-2023-27846 CRITICAL
themevolty theme_volty_cms_blog < 4.0.8 - SQL Injection via tvcmsblog Component
CVSS 9.8
Details
Vulnerabilities 19,735
Exploit Likelihood High