CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

BaseStableLikelihood: High

Description

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Hierarchy (View 1000)

Parents

CWE-943

Children

CWE-564

Related attack patterns (CAPEC)

CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7

CVEs mapped to this weakness (8,813)

page 42 of 441

CVE	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2025-23931	Cri	0.60	9.3	0.00	Jan 22, 2025	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oliver Fuhrmann WordPress Local SEO dh-local-seo allows Blind SQL Injection.This issue affects WordPress Local SEO: from n/a through <= 2.3.
CVE-2025-22553	Cri	0.60	9.3	0.00	Jan 21, 2025	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in dhananjaysingh Multiple Carousel multicarousel allows SQL Injection.This issue affects Multiple Carousel: from n/a through <= 2.0.
CVE-2024-49655	Cri	0.60	9.3	0.00	Jan 21, 2025	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reputeinfosystems ARPrice arprice allows SQL Injection.This issue affects ARPrice: from n/a through <= 4.1.3.
CVE-2025-22542	Cri	0.60	9.3	0.00	Jan 9, 2025	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ofek Nakar Virtual Bot virtual-bot allows Blind SQL Injection.This issue affects Virtual Bot: from n/a through <= 1.0.0.
CVE-2025-22540	Cri	0.60	9.3	0.00	Jan 9, 2025	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in seballero Emailing Subscription email-suscripcion allows Blind SQL Injection.This issue affects Emailing Subscription: from n/a through <= 1.4.1.
CVE-2024-56290	Cri	0.60	9.3	0.00	Jan 7, 2025	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in silverplugins217 Multiple Shipping And Billing Address For Woocommerce different-shipping-and-billing-address-for-woocommerce allows SQL Injection.This issue affects Multiple Shipping And Billing Address For Woocommerce: from n/a through <= 1.2.
CVE-2024-56284	Cri	0.60	9.3	0.00	Jan 7, 2025	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in sslplugins SSL Wireless SMS Notification ssl-wireless-sms-notification allows SQL Injection.This issue affects SSL Wireless SMS Notification: from n/a through <= 3.5.0.
CVE-2024-56042	Cri	0.60	9.3	0.00	Dec 31, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows SQL Injection.This issue affects WPLMS: from n/a through < 1.9.9.5.3.
CVE-2024-56039	Cri	0.60	9.3	0.00	Dec 31, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes VibeBP vibebp allows SQL Injection.This issue affects VibeBP: from n/a through < 1.9.9.7.7.
CVE-2024-54280	Cri	0.60	9.3	0.00	Dec 16, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design WPBookit wpbookit allows SQL Injection.This issue affects WPBookit: from n/a through <= 1.6.0.
CVE-2024-55977	Cri	0.60	9.3	0.00	Dec 16, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BinaryCarpenter LaunchPage.app Importer launchpage-app-importer allows SQL Injection.This issue affects LaunchPage.app Importer: from n/a through <= 1.1.
CVE-2024-54361	Cri	0.60	9.3	0.00	Dec 16, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in tenteeglobal Instant Appointment instant-appointment allows SQL Injection.This issue affects Instant Appointment: from n/a through <= 1.2.
CVE-2024-54234	Cri	0.60	9.3	0.01	Dec 13, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wp-buy Limit Login Attempts wp-limit-failed-login-attempts allows SQL Injection.This issue affects Limit Login Attempts: from n/a through <= 5.5.
CVE-2024-54215	Cri	0.60	9.3	0.00	Dec 9, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in roninwp Revy revy.This issue affects Revy: from n/a through <= 1.18.
CVE-2024-51615	Cri	0.60	9.3	0.00	Dec 6, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Marka WordPress Auction Plugin wp-auctions allows SQL Injection.This issue affects WordPress Auction Plugin: from n/a through <= 3.7.
CVE-2024-54221	Cri	0.60	9.3	0.00	Dec 5, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in roninwp FAT Services Booking fat-services-booking.This issue affects FAT Services Booking: from n/a through <= 5.6.
CVE-2024-52474	Cri	0.60	9.3	0.00	Nov 28, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Сервис “Экспресс Платежи” Express Payments Module express-pay allows Blind SQL Injection.This issue affects Express Payments Module: from n/a through <= 1.1.8.
CVE-2024-52431	Cri	0.60	9.3	0.00	Nov 18, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pressaholic WordPress Video Robot - The Ultimate Video Importer allows SQL Injection.This issue affects WordPress Video Robot - The Ultimate Video Importer: from n/a through 1.20.0.
CVE-2024-50479	Cri	0.60	9.3	0.00	Oct 28, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in chenyenming Woocommerce Quote Calculator woo-quote-calculator-order allows Blind SQL Injection.This issue affects Woocommerce Quote Calculator: from n/a through <= 1.1.
CVE-2024-49305	Cri	0.60	9.3	0.00	Oct 17, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFactory Email Verification for WooCommerce emails-verification-for-woocommerce allows SQL Injection.This issue affects Email Verification for WooCommerce: from n/a through <= 2.8.10.

CVE-2025-23931CriJan 22, 2025
risk 0.60cvss 9.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oliver Fuhrmann WordPress Local SEO dh-local-seo allows Blind SQL Injection.This issue affects WordPress Local SEO: from n/a through <= 2.3.
CVE-2025-22553CriJan 21, 2025
risk 0.60cvss 9.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in dhananjaysingh Multiple Carousel multicarousel allows SQL Injection.This issue affects Multiple Carousel: from n/a through <= 2.0.
CVE-2024-49655CriJan 21, 2025
risk 0.60cvss 9.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reputeinfosystems ARPrice arprice allows SQL Injection.This issue affects ARPrice: from n/a through <= 4.1.3.
CVE-2025-22542CriJan 9, 2025
risk 0.60cvss 9.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ofek Nakar Virtual Bot virtual-bot allows Blind SQL Injection.This issue affects Virtual Bot: from n/a through <= 1.0.0.
CVE-2025-22540CriJan 9, 2025
risk 0.60cvss 9.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in seballero Emailing Subscription email-suscripcion allows Blind SQL Injection.This issue affects Emailing Subscription: from n/a through <= 1.4.1.
CVE-2024-56290CriJan 7, 2025
risk 0.60cvss 9.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in silverplugins217 Multiple Shipping And Billing Address For Woocommerce different-shipping-and-billing-address-for-woocommerce allows SQL Injection.This issue affects Multiple Shipping And Billing Address For Woocommerce: from n/a through <= 1.2.
CVE-2024-56284CriJan 7, 2025
risk 0.60cvss 9.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in sslplugins SSL Wireless SMS Notification ssl-wireless-sms-notification allows SQL Injection.This issue affects SSL Wireless SMS Notification: from n/a through <= 3.5.0.
CVE-2024-56042CriDec 31, 2024
risk 0.60cvss 9.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows SQL Injection.This issue affects WPLMS: from n/a through < 1.9.9.5.3.
CVE-2024-56039CriDec 31, 2024
risk 0.60cvss 9.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes VibeBP vibebp allows SQL Injection.This issue affects VibeBP: from n/a through < 1.9.9.7.7.
CVE-2024-54280CriDec 16, 2024
risk 0.60cvss 9.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design WPBookit wpbookit allows SQL Injection.This issue affects WPBookit: from n/a through <= 1.6.0.
CVE-2024-55977CriDec 16, 2024
risk 0.60cvss 9.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BinaryCarpenter LaunchPage.app Importer launchpage-app-importer allows SQL Injection.This issue affects LaunchPage.app Importer: from n/a through <= 1.1.
CVE-2024-54361CriDec 16, 2024
risk 0.60cvss 9.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in tenteeglobal Instant Appointment instant-appointment allows SQL Injection.This issue affects Instant Appointment: from n/a through <= 1.2.
CVE-2024-54234CriDec 13, 2024
risk 0.60cvss 9.3epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wp-buy Limit Login Attempts wp-limit-failed-login-attempts allows SQL Injection.This issue affects Limit Login Attempts: from n/a through <= 5.5.
CVE-2024-54215CriDec 9, 2024
risk 0.60cvss 9.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in roninwp Revy revy.This issue affects Revy: from n/a through <= 1.18.
CVE-2024-51615CriDec 6, 2024
risk 0.60cvss 9.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Marka WordPress Auction Plugin wp-auctions allows SQL Injection.This issue affects WordPress Auction Plugin: from n/a through <= 3.7.
CVE-2024-54221CriDec 5, 2024
risk 0.60cvss 9.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in roninwp FAT Services Booking fat-services-booking.This issue affects FAT Services Booking: from n/a through <= 5.6.
CVE-2024-52474CriNov 28, 2024
risk 0.60cvss 9.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Сервис “Экспресс Платежи” Express Payments Module express-pay allows Blind SQL Injection.This issue affects Express Payments Module: from n/a through <= 1.1.8.
CVE-2024-52431CriNov 18, 2024
risk 0.60cvss 9.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pressaholic WordPress Video Robot - The Ultimate Video Importer allows SQL Injection.This issue affects WordPress Video Robot - The Ultimate Video Importer: from n/a through 1.20.0.
CVE-2024-50479CriOct 28, 2024
risk 0.60cvss 9.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in chenyenming Woocommerce Quote Calculator woo-quote-calculator-order allows Blind SQL Injection.This issue affects Woocommerce Quote Calculator: from n/a through <= 1.1.
CVE-2024-49305CriOct 17, 2024
risk 0.60cvss 9.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFactory Email Verification for WooCommerce emails-verification-for-woocommerce allows SQL Injection.This issue affects Email Verification for WooCommerce: from n/a through <= 2.8.10.