CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

BaseStableLikelihood: High

Description

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Hierarchy (View 1000)

Parents

CWE-943

Children

CWE-564

Related attack patterns (CAPEC)

CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7

CVEs mapped to this weakness (8,850)

page 101 of 443

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2024-34386	WordPress Wp Auto Affiliate Links	Hig	0.49	7.6	0.00	May 6, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lucian Apostol Auto Affiliate Links.This issue affects Auto Affiliate Links: from n/a through 6.4.3.1.
CVE-2024-32602	Onthegosystems Woocommerce Multilingual \& Multicurrency	Hig	0.49	7.6	0.00	Apr 18, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency.This issue affects WooCommerce Multilingual & Multicurrency: from n/a through 5.3.3.1.
CVE-2024-32551	WordPress Sp Client Document Manager	Hig	0.49	7.6	0.00	Apr 18, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager : from n/a through 4.71.
CVE-2024-32135	WordPress Disable Comments Wpz	Hig	0.49	7.6	0.00	Apr 15, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPZest Disable Comments \| WPZest.This issue affects Disable Comments \| WPZest: from n/a through 1.51.
CVE-2024-32134	WordPress Forms To Zapier	Hig	0.49	7.6	0.00	Apr 15, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nasirahmed Forms to Zapier, Integromat, IFTTT, Workato, Automate.Io, elastic.Io, Built.Io, APIANT, Webhook.This issue affects Forms to Zapier, Integromat, IFTTT, Workato, Automate.Io, elastic.Io, Built.Io, APIANT, Webhook: from n/a through 1.1.12.
CVE-2024-32132	WordPress Cbxwpbookmark	Hig	0.49	7.6	0.00	Apr 15, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Codeboxr Team CBX Bookmark & Favorite.This issue affects CBX Bookmark & Favorite: from n/a through 1.7.20.
CVE-2024-32098	WordPress Advanced Page Visit Counter	Hig	0.49	7.6	0.00	Apr 15, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Page Visit Counter Advanced Page Visit Counter.This issue affects Advanced Page Visit Counter: from n/a through 8.0.6.
CVE-2024-32087	Adtribes Product Feed Pro For Woocommerce	Hig	0.49	7.6	0.00	Apr 15, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExportFeed.Com Product Feed on WooCommerce for Google.This issue affects Product Feed on WooCommerce for Google: from n/a through 3.5.7.
CVE-2024-31356	—	Hig	0.49	7.6	0.00	Apr 10, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin Infotech User Activity Log.This issue affects User Activity Log: from n/a through 1.8.
CVE-2024-31260	Wisdmlabs Edwiser Bridge	Hig	0.49	7.6	0.00	Apr 7, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WisdmLabs Edwiser Bridge.This issue affects Edwiser Bridge: from n/a through 3.0.2.
CVE-2024-31241	WordPress Learnpress Import Export	Hig	0.49	7.6	0.00	Apr 7, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThimPress LearnPress Export Import.This issue affects LearnPress Export Import: from n/a through 4.0.3.
CVE-2024-31025	—	Hig	0.49	7.5	0.00	Apr 4, 2024	SQL Injection vulnerability in ECshop 4.x allows an attacker to obtain sensitive information via the file/article.php component.
CVE-2024-31116	WordPress Wd Google Maps	Hig	0.49	7.6	0.00	Mar 31, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 10Web 10Web Map Builder for Google Maps.This issue affects 10Web Map Builder for Google Maps: from n/a through 1.0.74.
CVE-2024-30504	Wptravelengine Wp Travel Engine	Hig	0.49	7.6	0.01	Mar 29, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel Engine.This issue affects WP Travel Engine: from n/a through 5.7.9.
CVE-2024-30501	Wpchill Download Monitor	Hig	0.49	7.6	0.01	Mar 29, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.9.4.
CVE-2024-30495	Faboba Falang	Hig	0.49	7.6	0.00	Mar 29, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Faboba Falang multilanguage.This issue affects Falang multilanguage: from n/a through 1.3.47.
CVE-2024-30494	WordPress Oss Aliyun	Hig	0.49	7.6	0.00	Mar 29, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 沈唁 OSS Aliyun.This issue affects OSS Aliyun: from n/a through 1.4.10.
CVE-2024-30478	Rocksolidplugins Bulletin	Hig	0.49	7.6	0.00	Mar 29, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bulletin WordPress Announcement & Notification Banner Plugin – Bulletin.This issue affects WordPress Announcement & Notification Banner Plugin – Bulletin: from n/a through 3.8.5.
CVE-2024-25924	WordPress Testimonial Widgets	Hig	0.49	7.6	0.00	Mar 28, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Trustindex.Io WP Testimonials.This issue affects WP Testimonials: from n/a through 1.4.3.
CVE-2024-30245	WordPress Decalog	Hig	0.49	7.6	0.00	Mar 28, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pierre Lannoy DecaLog decalog.This issue affects DecaLog: from n/a through <= 3.9.0.

CVE-2024-34386HigMay 6, 2024
WordPress
Wp Auto Affiliate Links
risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lucian Apostol Auto Affiliate Links.This issue affects Auto Affiliate Links: from n/a through 6.4.3.1.
CVE-2024-32602HigApr 18, 2024
Onthegosystems
Woocommerce Multilingual \& Multicurrency
risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency.This issue affects WooCommerce Multilingual & Multicurrency: from n/a through 5.3.3.1.
CVE-2024-32551HigApr 18, 2024
WordPress
Sp Client Document Manager
risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager : from n/a through 4.71.
CVE-2024-32135HigApr 15, 2024
WordPress
Disable Comments Wpz
risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPZest Disable Comments | WPZest.This issue affects Disable Comments | WPZest: from n/a through 1.51.
CVE-2024-32134HigApr 15, 2024
WordPress
Forms To Zapier
risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nasirahmed Forms to Zapier, Integromat, IFTTT, Workato, Automate.Io, elastic.Io, Built.Io, APIANT, Webhook.This issue affects Forms to Zapier, Integromat, IFTTT, Workato, Automate.Io, elastic.Io, Built.Io, APIANT, Webhook: from n/a through 1.1.12.
CVE-2024-32132HigApr 15, 2024
WordPress
Cbxwpbookmark
risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Codeboxr Team CBX Bookmark & Favorite.This issue affects CBX Bookmark & Favorite: from n/a through 1.7.20.
CVE-2024-32098HigApr 15, 2024
WordPress
Advanced Page Visit Counter
risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Page Visit Counter Advanced Page Visit Counter.This issue affects Advanced Page Visit Counter: from n/a through 8.0.6.
CVE-2024-32087HigApr 15, 2024
Adtribes
Product Feed Pro For Woocommerce
risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExportFeed.Com Product Feed on WooCommerce for Google.This issue affects Product Feed on WooCommerce for Google: from n/a through 3.5.7.
CVE-2024-31356HigApr 10, 2024
risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin Infotech User Activity Log.This issue affects User Activity Log: from n/a through 1.8.
CVE-2024-31260HigApr 7, 2024
Wisdmlabs
Edwiser Bridge
risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WisdmLabs Edwiser Bridge.This issue affects Edwiser Bridge: from n/a through 3.0.2.
CVE-2024-31241HigApr 7, 2024
WordPress
Learnpress Import Export
risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThimPress LearnPress Export Import.This issue affects LearnPress Export Import: from n/a through 4.0.3.
CVE-2024-31025HigApr 4, 2024
risk 0.49cvss 7.5epss 0.00
SQL Injection vulnerability in ECshop 4.x allows an attacker to obtain sensitive information via the file/article.php component.
CVE-2024-31116HigMar 31, 2024
WordPress
Wd Google Maps
risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 10Web 10Web Map Builder for Google Maps.This issue affects 10Web Map Builder for Google Maps: from n/a through 1.0.74.
CVE-2024-30504HigMar 29, 2024
Wptravelengine
Wp Travel Engine
risk 0.49cvss 7.6epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel Engine.This issue affects WP Travel Engine: from n/a through 5.7.9.
CVE-2024-30501HigMar 29, 2024
Wpchill
Download Monitor
risk 0.49cvss 7.6epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.9.4.
CVE-2024-30495HigMar 29, 2024
Faboba
Falang
risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Faboba Falang multilanguage.This issue affects Falang multilanguage: from n/a through 1.3.47.
CVE-2024-30494HigMar 29, 2024
WordPress
Oss Aliyun
risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 沈唁 OSS Aliyun.This issue affects OSS Aliyun: from n/a through 1.4.10.
CVE-2024-30478HigMar 29, 2024
Rocksolidplugins
Bulletin
risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bulletin WordPress Announcement & Notification Banner Plugin – Bulletin.This issue affects WordPress Announcement & Notification Banner Plugin – Bulletin: from n/a through 3.8.5.
CVE-2024-25924HigMar 28, 2024
WordPress
Testimonial Widgets
risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Trustindex.Io WP Testimonials.This issue affects WP Testimonials: from n/a through 1.4.3.
CVE-2024-30245HigMar 28, 2024
WordPress
Decalog
risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pierre Lannoy DecaLog decalog.This issue affects DecaLog: from n/a through <= 3.9.0.