CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7
CVEs mapped to this weakness (10,236)
page 133 of 512| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-49854 | Hig | 0.49 | 7.6 | 0.00 | Jun 17, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Anh Tran Slim SEO slim-seo allows SQL Injection.This issue affects Slim SEO: from n/a through <= 4.5.4. | ||
| CVE-2025-28972 | Hig | 0.49 | 7.6 | 0.00 | Jun 17, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Suhas Surse WP Employee Attendance System wp-employee-attendance-system allows Blind SQL Injection.This issue affects WP Employee Attendance System: from n/a through <= 3.5. | ||
| CVE-2025-49421 | Hig | 0.49 | 7.6 | 0.00 | Jun 6, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Andrei Filonov WP Text Expander wp-text-expander allows SQL Injection.This issue affects WP Text Expander: from n/a through <= 1.0.1. | ||
| CVE-2025-49328 | Hig | 0.49 | 7.6 | 0.00 | Jun 6, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agile Logix Store Locator WordPress agile-store-locator allows SQL Injection.This issue affects Store Locator WordPress: from n/a through <= 1.5.1. | ||
| CVE-2025-49327 | Hig | 0.49 | 7.6 | 0.00 | Jun 6, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ruben Garcia ShortLinks Pro shortlinkspro allows SQL Injection.This issue affects ShortLinks Pro: from n/a through <= 1.0.7. | ||
| CVE-2025-49326 | Hig | 0.49 | 7.6 | 0.00 | Jun 6, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ruben Garcia GamiPress gamipress allows SQL Injection.This issue affects GamiPress: from n/a through <= 7.4.5. | ||
| CVE-2025-49315 | Hig | 0.49 | 7.6 | 0.00 | Jun 6, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PersianScript Persian Woocommerce SMS persian-woocommerce-sms allows SQL Injection.This issue affects Persian Woocommerce SMS: from n/a through <= 7.0.10. | ||
| CVE-2025-49263 | Hig | 0.49 | 7.6 | 0.00 | Jun 6, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WCVendors WC Vendors Marketplace wc-vendors allows Blind SQL Injection.This issue affects WC Vendors Marketplace: from n/a through <= 2.5.6. | ||
| CVE-2025-30989 | Hig | 0.49 | 7.6 | 0.00 | Jun 6, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Renzo Tejada Libro de Reclamaciones y Quejas libro-de-reclamaciones-y-quejas allows SQL Injection.This issue affects Libro de Reclamaciones y Quejas: from n/a through <= 0.9. | ||
| CVE-2025-26590 | Hig | 0.49 | 7.6 | 0.00 | Jun 6, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nir Complete Google Seo Scan complete-google-seo-scan allows SQL Injection.This issue affects Complete Google Seo Scan: from n/a through <= 3.5.1. | ||
| CVE-2023-26003 | Hig | 0.49 | 7.6 | 0.00 | Jun 6, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in vipul Jariwala WP Post Corrector allows SQL Injection. This issue affects WP Post Corrector: from n/a through 1.0.2. | ||
| CVE-2025-5287 | Hig | 0.49 | 7.5 | 0.02 | May 28, 2025 | The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This… | ||
| CVE-2025-47671 | Hig | 0.49 | 7.6 | 0.00 | May 23, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LETSCMS MLM Software Binary MLM Plan binary-mlm-plan allows SQL Injection.This issue affects Binary MLM Plan: from n/a through <= 3.0. | ||
| CVE-2025-43833 | Hig | 0.49 | 7.6 | 0.00 | May 19, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Amir Helzer Absolute Links absolute-links allows Blind SQL Injection.This issue affects Absolute Links: from n/a through <= 1.1.1. | ||
| CVE-2025-39370 | Hig | 0.49 | 7.6 | 0.00 | May 19, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in cnilsson iCafe Library icafe-library allows SQL Injection.This issue affects iCafe Library: from n/a through <= 1.8.3. | ||
| CVE-2025-48280 | Hig | 0.49 | 7.6 | 0.00 | May 19, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ruben Garcia AutomatorWP automatorwp allows Blind SQL Injection.This issue affects AutomatorWP: from n/a through <= 5.2.1.3. | ||
| CVE-2025-47567 | Hig | 0.49 | 7.6 | 0.00 | May 16, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Video Player & FullScreen Video Background universal-video-player-and-bg allows Blind SQL Injection.This issue affects Video Player & FullScreen Video Background:… | ||
| CVE-2024-10864 | Hig | 0.49 | — | 0.00 | May 14, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenText Advanced Authentication. This issue affects Advanced Authentication versions before 6.5 | ||
| CVE-2025-4396 | Hig | 0.49 | 7.5 | 0.03 | May 13, 2025 | The Relevanssi – A Better Search plugin for WordPress is vulnerable to time-based SQL Injection via the cats and tags query parameters in all versions up to, and including, 4.24.4 (Free) and <= 2.27.5 (Premium) due to insufficient escaping on the user supplied parameter and… | ||
| CVE-2025-47643 | Hig | 0.49 | 7.6 | 0.00 | May 7, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ELEXtensions ELEX Product Feed for WooCommerce allows SQL Injection. This issue affects ELEX Product Feed for WooCommerce: from n/a through 3.1.2. |
- risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Anh Tran Slim SEO slim-seo allows SQL Injection.This issue affects Slim SEO: from n/a through <= 4.5.4.
- risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Suhas Surse WP Employee Attendance System wp-employee-attendance-system allows Blind SQL Injection.This issue affects WP Employee Attendance System: from n/a through <= 3.5.
- risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Andrei Filonov WP Text Expander wp-text-expander allows SQL Injection.This issue affects WP Text Expander: from n/a through <= 1.0.1.
- risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agile Logix Store Locator WordPress agile-store-locator allows SQL Injection.This issue affects Store Locator WordPress: from n/a through <= 1.5.1.
- risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ruben Garcia ShortLinks Pro shortlinkspro allows SQL Injection.This issue affects ShortLinks Pro: from n/a through <= 1.0.7.
- risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ruben Garcia GamiPress gamipress allows SQL Injection.This issue affects GamiPress: from n/a through <= 7.4.5.
- risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PersianScript Persian Woocommerce SMS persian-woocommerce-sms allows SQL Injection.This issue affects Persian Woocommerce SMS: from n/a through <= 7.0.10.
- risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WCVendors WC Vendors Marketplace wc-vendors allows Blind SQL Injection.This issue affects WC Vendors Marketplace: from n/a through <= 2.5.6.
- risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Renzo Tejada Libro de Reclamaciones y Quejas libro-de-reclamaciones-y-quejas allows SQL Injection.This issue affects Libro de Reclamaciones y Quejas: from n/a through <= 0.9.
- risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nir Complete Google Seo Scan complete-google-seo-scan allows SQL Injection.This issue affects Complete Google Seo Scan: from n/a through <= 3.5.1.
- risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in vipul Jariwala WP Post Corrector allows SQL Injection. This issue affects WP Post Corrector: from n/a through 1.0.2.
- risk 0.49cvss 7.5epss 0.02
The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This…
- risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LETSCMS MLM Software Binary MLM Plan binary-mlm-plan allows SQL Injection.This issue affects Binary MLM Plan: from n/a through <= 3.0.
- risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Amir Helzer Absolute Links absolute-links allows Blind SQL Injection.This issue affects Absolute Links: from n/a through <= 1.1.1.
- risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in cnilsson iCafe Library icafe-library allows SQL Injection.This issue affects iCafe Library: from n/a through <= 1.8.3.
- risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ruben Garcia AutomatorWP automatorwp allows Blind SQL Injection.This issue affects AutomatorWP: from n/a through <= 5.2.1.3.
- risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Video Player & FullScreen Video Background universal-video-player-and-bg allows Blind SQL Injection.This issue affects Video Player & FullScreen Video Background:…
- risk 0.49cvss —epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenText Advanced Authentication. This issue affects Advanced Authentication versions before 6.5
- risk 0.49cvss 7.5epss 0.03
The Relevanssi – A Better Search plugin for WordPress is vulnerable to time-based SQL Injection via the cats and tags query parameters in all versions up to, and including, 4.24.4 (Free) and <= 2.27.5 (Premium) due to insufficient escaping on the user supplied parameter and…
- risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ELEXtensions ELEX Product Feed for WooCommerce allows SQL Injection. This issue affects ELEX Product Feed for WooCommerce: from n/a through 3.1.2.