VYPR

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

BaseStableLikelihood: High

Description

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7

CVEs mapped to this weakness (10,236)

page 133 of 512
  • CVE-2025-49854HigJun 17, 2025
    risk 0.49cvss 7.6epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Anh Tran Slim SEO slim-seo allows SQL Injection.This issue affects Slim SEO: from n/a through <= 4.5.4.

  • CVE-2025-28972HigJun 17, 2025
    risk 0.49cvss 7.6epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Suhas Surse WP Employee Attendance System wp-employee-attendance-system allows Blind SQL Injection.This issue affects WP Employee Attendance System: from n/a through <= 3.5.

  • CVE-2025-49421HigJun 6, 2025
    risk 0.49cvss 7.6epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Andrei Filonov WP Text Expander wp-text-expander allows SQL Injection.This issue affects WP Text Expander: from n/a through <= 1.0.1.

  • CVE-2025-49328HigJun 6, 2025
    risk 0.49cvss 7.6epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agile Logix Store Locator WordPress agile-store-locator allows SQL Injection.This issue affects Store Locator WordPress: from n/a through <= 1.5.1.

  • CVE-2025-49327HigJun 6, 2025
    risk 0.49cvss 7.6epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ruben Garcia ShortLinks Pro shortlinkspro allows SQL Injection.This issue affects ShortLinks Pro: from n/a through <= 1.0.7.

  • CVE-2025-49326HigJun 6, 2025
    risk 0.49cvss 7.6epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ruben Garcia GamiPress gamipress allows SQL Injection.This issue affects GamiPress: from n/a through <= 7.4.5.

  • CVE-2025-49315HigJun 6, 2025
    risk 0.49cvss 7.6epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PersianScript Persian Woocommerce SMS persian-woocommerce-sms allows SQL Injection.This issue affects Persian Woocommerce SMS: from n/a through <= 7.0.10.

  • CVE-2025-49263HigJun 6, 2025
    risk 0.49cvss 7.6epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WCVendors WC Vendors Marketplace wc-vendors allows Blind SQL Injection.This issue affects WC Vendors Marketplace: from n/a through <= 2.5.6.

  • CVE-2025-30989HigJun 6, 2025
    risk 0.49cvss 7.6epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Renzo Tejada Libro de Reclamaciones y Quejas libro-de-reclamaciones-y-quejas allows SQL Injection.This issue affects Libro de Reclamaciones y Quejas: from n/a through <= 0.9.

  • CVE-2025-26590HigJun 6, 2025
    risk 0.49cvss 7.6epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nir Complete Google Seo Scan complete-google-seo-scan allows SQL Injection.This issue affects Complete Google Seo Scan: from n/a through <= 3.5.1.

  • CVE-2023-26003HigJun 6, 2025
    risk 0.49cvss 7.6epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in vipul Jariwala WP Post Corrector allows SQL Injection. This issue affects WP Post Corrector: from n/a through 1.0.2.

  • CVE-2025-5287HigMay 28, 2025
    risk 0.49cvss 7.5epss 0.02

    The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This…

  • CVE-2025-47671HigMay 23, 2025
    risk 0.49cvss 7.6epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LETSCMS MLM Software Binary MLM Plan binary-mlm-plan allows SQL Injection.This issue affects Binary MLM Plan: from n/a through <= 3.0.

  • CVE-2025-43833HigMay 19, 2025
    risk 0.49cvss 7.6epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Amir Helzer Absolute Links absolute-links allows Blind SQL Injection.This issue affects Absolute Links: from n/a through <= 1.1.1.

  • CVE-2025-39370HigMay 19, 2025
    risk 0.49cvss 7.6epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in cnilsson iCafe Library icafe-library allows SQL Injection.This issue affects iCafe Library: from n/a through <= 1.8.3.

  • CVE-2025-48280HigMay 19, 2025
    risk 0.49cvss 7.6epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ruben Garcia AutomatorWP automatorwp allows Blind SQL Injection.This issue affects AutomatorWP: from n/a through <= 5.2.1.3.

  • CVE-2025-47567HigMay 16, 2025
    risk 0.49cvss 7.6epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Video Player & FullScreen Video Background universal-video-player-and-bg allows Blind SQL Injection.This issue affects Video Player & FullScreen Video Background:…

  • CVE-2024-10864HigMay 14, 2025
    risk 0.49cvss epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenText Advanced Authentication. This issue affects Advanced Authentication versions before 6.5

  • CVE-2025-4396HigMay 13, 2025
    risk 0.49cvss 7.5epss 0.03

    The Relevanssi – A Better Search plugin for WordPress is vulnerable to time-based SQL Injection via the cats and tags query parameters in all versions up to, and including, 4.24.4 (Free) and <= 2.27.5 (Premium) due to insufficient escaping on the user supplied parameter and…

  • CVE-2025-47643HigMay 7, 2025
    risk 0.49cvss 7.6epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ELEXtensions ELEX Product Feed for WooCommerce allows SQL Injection. This issue affects ELEX Product Feed for WooCommerce: from n/a through 3.1.2.