CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7
CVEs mapped to this weakness (10,236)
page 137 of 512| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-24659 | Hig | 0.49 | 7.6 | 0.01 | Jan 24, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shahjada WPDM – Premium Packages wpdm-premium-packages allows Blind SQL Injection.This issue affects WPDM – Premium Packages: from n/a through <= 5.9.6. | ||
| CVE-2025-23784 | Hig | 0.49 | 7.6 | 0.00 | Jan 22, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Jeffrey Contact Form 7 Round Robin Lead Distribution contact-form-7-round-robin-lead-distribution allows SQL Injection.This issue affects Contact Form 7 Round Robin Lead… | ||
| CVE-2025-22710 | Hig | 0.49 | 7.6 | 0.01 | Jan 21, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in storeapps Smart Manager smart-manager-for-wp-e-commerce allows Blind SQL Injection.This issue affects Smart Manager: from n/a through <= 8.52.0. | ||
| CVE-2025-23780 | Hig | 0.49 | 7.6 | 0.01 | Jan 16, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alpha BPO Easy Code Snippets easy-code-snippets allows SQL Injection.This issue affects Easy Code Snippets: from n/a through <= 1.0.2. | ||
| CVE-2025-23779 | Hig | 0.49 | 7.6 | 0.01 | Jan 16, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in web-mv ResAds resads allows SQL Injection.This issue affects ResAds: from n/a through <= 2.0.5. | ||
| CVE-2025-20620 | Hig | 0.49 | 7.5 | 0.00 | Jan 14, 2025 | SQL Injection vulnerability exists in STEALTHONE D220/D340 provided by Y'S corporation. An attacker who can access the affected product may obtain the administrative password of the web management page. | ||
| CVE-2024-12404 | Hig | 0.49 | 7.5 | 0.01 | Jan 11, 2025 | The CF Internal Link Shortcode plugin for WordPress is vulnerable to SQL Injection via the 'post_title' parameter in all versions up to, and including, 1.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.… | ||
| CVE-2025-22527 | Hig | 0.49 | 7.6 | 0.00 | Jan 9, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yamna Khawaja Mailing Group Listserv wp-mailing-group allows SQL Injection.This issue affects Mailing Group Listserv: from n/a through <= 2.0.9. | ||
| CVE-2024-11939 | Hig | 0.49 | 7.5 | 0.00 | Jan 8, 2025 | The Cost Calculator Builder PRO plugin for WordPress is vulnerable to blind time-based SQL Injection via the ‘data’ parameter in all versions up to, and including, 3.2.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the… | ||
| CVE-2025-22350 | Hig | 0.49 | 7.6 | 0.00 | Jan 7, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpIndeed Ultimate Learning Pro allows SQL Injection.This issue affects Ultimate Learning Pro: from n/a through 3.9. | ||
| CVE-2025-22536 | Hig | 0.49 | 7.6 | 0.01 | Jan 7, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hiren.sabd WP Music Player wp-music-player allows SQL Injection.This issue affects WP Music Player: from n/a through <= 1.3. | ||
| CVE-2025-22533 | Hig | 0.49 | 7.6 | 0.01 | Jan 7, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bulktheme WOOEXIM wooexim allows SQL Injection.This issue affects WOOEXIM: from n/a through <= 5.0.0. | ||
| CVE-2025-22507 | Hig | 0.49 | 7.6 | 0.01 | Jan 7, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in iDo8p WPMU Prefill Post wpmu-prefill-post allows SQL Injection.This issue affects WPMU Prefill Post: from n/a through <= 1.02. | ||
| CVE-2025-22502 | Hig | 0.49 | 7.6 | 0.01 | Jan 7, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mindvalley MindValley Super PageMash mindvalley-pagemash allows SQL Injection.This issue affects MindValley Super PageMash: from n/a through <= 1.1. | ||
| CVE-2025-22352 | Hig | 0.49 | 7.6 | 0.01 | Jan 7, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ELEXtensions ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes elex-bulk-edit-products-prices-attributes-for-woocommerce-basic allows Blind SQL Injection.This… | ||
| CVE-2025-22351 | Hig | 0.49 | 7.6 | 0.00 | Jan 7, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in penguinarts Contact Form 7 Database – CFDB7 advanced-cf7-database allows SQL Injection.This issue affects Contact Form 7 Database – CFDB7: from n/a through <= 1.0.0. | ||
| CVE-2025-22349 | Hig | 0.49 | 7.6 | 0.00 | Jan 7, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Marka WordPress Auction Plugin wp-auctions allows SQL Injection.This issue affects WordPress Auction Plugin: from n/a through <= 3.7. | ||
| CVE-2024-12157 | Hig | 0.49 | 7.5 | 0.01 | Jan 7, 2025 | The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'upc_delete_db_record' AJAX action in all versions up to, and including, 3.2.6 due to insufficient escaping on the user… | ||
| CVE-2024-56250 | Hig | 0.49 | 7.6 | 0.00 | Jan 2, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Greg Ross Just Writing Statistics just-writing-statistics allows SQL Injection.This issue affects Just Writing Statistics: from n/a through <= 4.7. | ||
| CVE-2024-56247 | Hig | 0.49 | 7.6 | 0.00 | Jan 2, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AF themes WP Post Author wp-post-author allows SQL Injection.This issue affects WP Post Author: from n/a through <= 3.8.2. |
- risk 0.49cvss 7.6epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shahjada WPDM – Premium Packages wpdm-premium-packages allows Blind SQL Injection.This issue affects WPDM – Premium Packages: from n/a through <= 5.9.6.
- risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Jeffrey Contact Form 7 Round Robin Lead Distribution contact-form-7-round-robin-lead-distribution allows SQL Injection.This issue affects Contact Form 7 Round Robin Lead…
- risk 0.49cvss 7.6epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in storeapps Smart Manager smart-manager-for-wp-e-commerce allows Blind SQL Injection.This issue affects Smart Manager: from n/a through <= 8.52.0.
- risk 0.49cvss 7.6epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alpha BPO Easy Code Snippets easy-code-snippets allows SQL Injection.This issue affects Easy Code Snippets: from n/a through <= 1.0.2.
- risk 0.49cvss 7.6epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in web-mv ResAds resads allows SQL Injection.This issue affects ResAds: from n/a through <= 2.0.5.
- risk 0.49cvss 7.5epss 0.00
SQL Injection vulnerability exists in STEALTHONE D220/D340 provided by Y'S corporation. An attacker who can access the affected product may obtain the administrative password of the web management page.
- risk 0.49cvss 7.5epss 0.01
The CF Internal Link Shortcode plugin for WordPress is vulnerable to SQL Injection via the 'post_title' parameter in all versions up to, and including, 1.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.…
- risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yamna Khawaja Mailing Group Listserv wp-mailing-group allows SQL Injection.This issue affects Mailing Group Listserv: from n/a through <= 2.0.9.
- risk 0.49cvss 7.5epss 0.00
The Cost Calculator Builder PRO plugin for WordPress is vulnerable to blind time-based SQL Injection via the ‘data’ parameter in all versions up to, and including, 3.2.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the…
- risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpIndeed Ultimate Learning Pro allows SQL Injection.This issue affects Ultimate Learning Pro: from n/a through 3.9.
- risk 0.49cvss 7.6epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hiren.sabd WP Music Player wp-music-player allows SQL Injection.This issue affects WP Music Player: from n/a through <= 1.3.
- risk 0.49cvss 7.6epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bulktheme WOOEXIM wooexim allows SQL Injection.This issue affects WOOEXIM: from n/a through <= 5.0.0.
- risk 0.49cvss 7.6epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in iDo8p WPMU Prefill Post wpmu-prefill-post allows SQL Injection.This issue affects WPMU Prefill Post: from n/a through <= 1.02.
- risk 0.49cvss 7.6epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mindvalley MindValley Super PageMash mindvalley-pagemash allows SQL Injection.This issue affects MindValley Super PageMash: from n/a through <= 1.1.
- risk 0.49cvss 7.6epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ELEXtensions ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes elex-bulk-edit-products-prices-attributes-for-woocommerce-basic allows Blind SQL Injection.This…
- risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in penguinarts Contact Form 7 Database – CFDB7 advanced-cf7-database allows SQL Injection.This issue affects Contact Form 7 Database – CFDB7: from n/a through <= 1.0.0.
- risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Marka WordPress Auction Plugin wp-auctions allows SQL Injection.This issue affects WordPress Auction Plugin: from n/a through <= 3.7.
- risk 0.49cvss 7.5epss 0.01
The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'upc_delete_db_record' AJAX action in all versions up to, and including, 3.2.6 due to insufficient escaping on the user…
- risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Greg Ross Just Writing Statistics just-writing-statistics allows SQL Injection.This issue affects Just Writing Statistics: from n/a through <= 4.7.
- risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AF themes WP Post Author wp-post-author allows SQL Injection.This issue affects WP Post Author: from n/a through <= 3.8.2.