VYPR

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Base · Stable · Likelihood: High

Description

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7

CVEs mapped to this weakness (8,813)

page 40 of 441
  • CVE-2025-22655 · Critical · Apr 17, 2025
    risk 0.60 · cvss 9.3 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Caio Web Dev CWD – Stealth Links cwd-stealth-links allows SQL Injection. This issue affects CWD – Stealth Links: from n/a through <= 1.3.

  • CVE-2025-22371 · Critical · Apr 14, 2025
    risk 0.60 · cvss · epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SicommNet BASEC (SaaS Service) login page allows an unauthenticated remote attacker to Bypass Authentication and execute arbitrary SQL commands. This issue at least affects BASEC for the date of 14 Dec 2021 onwards. It is very likely that this vulnerability has been present in the solution before that. The issue was fixed by SicommNet around 11pm on 16 April 2025 (Eastern Time).

  • CVE-2025-32603 · Critical · Apr 11, 2025
    risk 0.60 · cvss 9.3 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HK WP Online Users Stats wp-online-users-stats allows Blind SQL Injection. This issue affects WP Online Users Stats: from n/a through <= 1.0.0.

  • CVE-2025-32565 · Critical · Apr 11, 2025
    risk 0.60 · cvss 9.3 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in vertim Neon Product Designer neon-product-designer-for-woocommerce allows SQL Injection. This issue affects Neon Product Designer: from n/a through <= 2.2.0.

  • CVE-2025-31599 · Critical · Apr 11, 2025
    risk 0.60 · cvss 9.3 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in N-Media Bulk Product Sync sync-wc-google allows SQL Injection. This issue affects Bulk Product Sync: from n/a through <= 8.6.

  • CVE-2025-31565 · Critical · Apr 11, 2025
    risk 0.60 · cvss 9.3 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lisandro Martinez WPSmartContracts wp-smart-contracts allows Blind SQL Injection. This issue affects WPSmartContracts: from n/a through <= 2.0.12.

  • CVE-2025-31403 · Critical · Apr 4, 2025
    risk 0.60 · cvss 9.3 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shiptrack Booking Calendar and Notification booking-calendar-and-notification allows Blind SQL Injection. This issue affects Booking Calendar and Notification: from n/a through <= 4.0.3.

  • CVE-2025-31911 · Critical · Apr 3, 2025
    risk 0.60 · cvss 9.3 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reputeinfosystems Social Share And Social Locker social-share-and-social-locker-arsocial allows Blind SQL Injection. This issue affects Social Share And Social Locker: from n/a through <= 1.4.2.

  • CVE-2025-31579 · Critical · Apr 1, 2025
    risk 0.60 · cvss 9.3 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in EXEIdeas International WP AutoKeyword wp-autokeyword allows SQL Injection. This issue affects WP AutoKeyword: from n/a through <= 1.0.

  • CVE-2025-31553 · Critical · Apr 1, 2025
    risk 0.60 · cvss 9.3 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFactory Advanced WooCommerce Product Sales Reporting webd-woocommerce-advanced-reporting-statistics allows SQL Injection. This issue affects Advanced WooCommerce Product Sales Reporting: from n/a through <= 4.1.1.

  • CVE-2025-31552 · Critical · Apr 1, 2025
    risk 0.60 · cvss 9.3 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in davidfcarr RSVPMarker rsvpmaker allows SQL Injection. This issue affects RSVPMarker: from n/a through <= 11.6.7.

  • CVE-2025-31551 · Critical · Apr 1, 2025
    risk 0.60 · cvss 9.3 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Salesmate.io Salesmate Add-On for Gravity Forms gf-salesmate-add-on allows SQL Injection. This issue affects Salesmate Add-On for Gravity Forms: from n/a through <= 2.0.3.

  • CVE-2025-31534 · Critical · Apr 1, 2025
    risk 0.60 · cvss 9.3 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shopperdotcom Shopper shopper allows SQL Injection. This issue affects Shopper: from n/a through <= 3.2.5.

  • CVE-2025-31531 · Critical · Apr 1, 2025
    risk 0.60 · cvss 9.3 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in click5 History Log by click5 history-log-by-click5 allows SQL Injection. This issue affects History Log by click5: from n/a through <= 1.0.13.

  • CVE-2025-30807 · Critical · Apr 1, 2025
    risk 0.60 · cvss 9.3 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Martin Nguyen Next-Cart Store to WooCommerce Migration nextcart-woocommerce-migration allows SQL Injection. This issue affects Next-Cart Store to WooCommerce Migration: from n/a through <= 3.9.4.

  • CVE-2025-30971 · Critical · Apr 1, 2025
    risk 0.60 · cvss 9.3 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xavi Ivars XV Random Quotes xv-random-quotes allows SQL Injection. This issue affects XV Random Quotes: from n/a through <= 2.0.0.

  • CVE-2025-30886 · Critical · Apr 1, 2025
    risk 0.60 · cvss 9.3 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk js-support-ticket allows SQL Injection. This issue affects JS Help Desk: from n/a through <= 2.9.2.

  • CVE-2025-30876 · Critical · Apr 1, 2025
    risk 0.60 · cvss 9.3 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows SQL Injection. This issue affects Ads by WPQuads: from n/a through <= 2.0.87.1.

  • CVE-2025-30622 · Critical · Apr 1, 2025
    risk 0.60 · cvss 9.3 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in torsteino PostMash postmash-custom allows SQL Injection. This issue affects PostMash: from n/a through <= 1.0.3.

  • CVE-2025-22523 · Critical · Mar 28, 2025
    risk 0.60 · cvss 9.3 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in scheduler Schedule schedule allows Blind SQL Injection. This issue affects Schedule: from n/a through <= 1.0.0.