CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7
CVEs mapped to this weakness (10,236)
page 64 of 512| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-26943 | Cri | 0.60 | 9.3 | 0.00 | Feb 25, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jürgen Müller Easy Quotes easy-quotes allows Blind SQL Injection.This issue affects Easy Quotes: from n/a through <= 1.2.2. | ||
| CVE-2025-22290 | Cri | 0.60 | 9.3 | 0.00 | Feb 16, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in enituretechnology LTL Freight Quotes – FreightQuote Edition ltl-freight-quotes-freightquote-edition allows SQL Injection.This issue affects LTL Freight Quotes – FreightQuote… | ||
| CVE-2025-24612 | Cri | 0.60 | 9.3 | 0.00 | Jan 27, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ihor Kit Shipping for Nova Poshta nova-poshta-ttn allows SQL Injection.This issue affects Shipping for Nova Poshta: from n/a through <= 1.19.6. | ||
| CVE-2025-23931 | Cri | 0.60 | 9.3 | 0.01 | Jan 22, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oliver Fuhrmann WordPress Local SEO dh-local-seo allows Blind SQL Injection.This issue affects WordPress Local SEO: from n/a through <= 2.3. | ||
| CVE-2025-22553 | Cri | 0.60 | 9.3 | 0.00 | Jan 21, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in dhananjaysingh Multiple Carousel multicarousel allows SQL Injection.This issue affects Multiple Carousel: from n/a through <= 2.0. | ||
| CVE-2024-49655 | Cri | 0.60 | 9.3 | 0.00 | Jan 21, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reputeinfosystems ARPrice arprice allows SQL Injection.This issue affects ARPrice: from n/a through <= 4.1.3. | ||
| CVE-2025-22542 | Cri | 0.60 | 9.3 | 0.00 | Jan 9, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ofek Nakar Virtual Bot virtual-bot allows Blind SQL Injection.This issue affects Virtual Bot: from n/a through <= 1.0.0. | ||
| CVE-2025-22540 | Cri | 0.60 | 9.3 | 0.00 | Jan 9, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in seballero Emailing Subscription email-suscripcion allows Blind SQL Injection.This issue affects Emailing Subscription: from n/a through <= 1.4.1. | ||
| CVE-2024-56290 | Cri | 0.60 | 9.3 | 0.00 | Jan 7, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in silverplugins217 Multiple Shipping And Billing Address For Woocommerce different-shipping-and-billing-address-for-woocommerce allows SQL Injection.This issue affects Multiple… | ||
| CVE-2024-56284 | Cri | 0.60 | 9.3 | 0.00 | Jan 7, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in sslplugins SSL Wireless SMS Notification ssl-wireless-sms-notification allows SQL Injection.This issue affects SSL Wireless SMS Notification: from n/a through <= 3.5.0. | ||
| CVE-2024-56039 | Cri | 0.60 | 9.3 | 0.01 | Dec 31, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes VibeBP vibebp allows SQL Injection.This issue affects VibeBP: from n/a through < 1.9.9.7.7. | ||
| CVE-2024-54280 | Cri | 0.60 | 9.3 | 0.01 | Dec 16, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design WPBookit wpbookit allows SQL Injection.This issue affects WPBookit: from n/a through <= 1.6.0. | ||
| CVE-2024-55977 | Cri | 0.60 | 9.3 | 0.01 | Dec 16, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BinaryCarpenter LaunchPage.app Importer launchpage-app-importer allows SQL Injection.This issue affects LaunchPage.app Importer: from n/a through <= 1.1. | ||
| CVE-2024-54361 | Cri | 0.60 | 9.3 | 0.01 | Dec 16, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in tenteeglobal Instant Appointment instant-appointment allows SQL Injection.This issue affects Instant Appointment: from n/a through <= 1.2. | ||
| CVE-2024-54234 | Cri | 0.60 | 9.3 | 0.01 | Dec 13, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wp-buy Limit Login Attempts wp-limit-failed-login-attempts allows SQL Injection.This issue affects Limit Login Attempts: from n/a through <= 5.5. | ||
| CVE-2024-54215 | Cri | 0.60 | 9.3 | 0.01 | Dec 9, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in roninwp Revy revy.This issue affects Revy: from n/a through <= 1.18. | ||
| CVE-2024-51615 | Cri | 0.60 | 9.3 | 0.00 | Dec 6, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Marka WordPress Auction Plugin wp-auctions allows SQL Injection.This issue affects WordPress Auction Plugin: from n/a through <= 3.7. | ||
| CVE-2024-54221 | Cri | 0.60 | 9.3 | 0.00 | Dec 5, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in roninwp FAT Services Booking fat-services-booking.This issue affects FAT Services Booking: from n/a through <= 5.6. | ||
| CVE-2024-52474 | Cri | 0.60 | 9.3 | 0.01 | Nov 28, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Сервис “Экспресс Платежи” Express Payments Module express-pay allows Blind SQL Injection.This issue affects Express Payments Module: from n/a through <=… | ||
| CVE-2024-52431 | Cri | 0.60 | 9.3 | 0.00 | Nov 18, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pressaholic WordPress Video Robot - The Ultimate Video Importer allows SQL Injection.This issue affects WordPress Video Robot - The Ultimate Video Importer: from n/a through… |
- risk 0.60cvss 9.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jürgen Müller Easy Quotes easy-quotes allows Blind SQL Injection.This issue affects Easy Quotes: from n/a through <= 1.2.2.
- risk 0.60cvss 9.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in enituretechnology LTL Freight Quotes – FreightQuote Edition ltl-freight-quotes-freightquote-edition allows SQL Injection.This issue affects LTL Freight Quotes – FreightQuote…
- risk 0.60cvss 9.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ihor Kit Shipping for Nova Poshta nova-poshta-ttn allows SQL Injection.This issue affects Shipping for Nova Poshta: from n/a through <= 1.19.6.
- risk 0.60cvss 9.3epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oliver Fuhrmann WordPress Local SEO dh-local-seo allows Blind SQL Injection.This issue affects WordPress Local SEO: from n/a through <= 2.3.
- risk 0.60cvss 9.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in dhananjaysingh Multiple Carousel multicarousel allows SQL Injection.This issue affects Multiple Carousel: from n/a through <= 2.0.
- risk 0.60cvss 9.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reputeinfosystems ARPrice arprice allows SQL Injection.This issue affects ARPrice: from n/a through <= 4.1.3.
- risk 0.60cvss 9.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ofek Nakar Virtual Bot virtual-bot allows Blind SQL Injection.This issue affects Virtual Bot: from n/a through <= 1.0.0.
- risk 0.60cvss 9.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in seballero Emailing Subscription email-suscripcion allows Blind SQL Injection.This issue affects Emailing Subscription: from n/a through <= 1.4.1.
- risk 0.60cvss 9.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in silverplugins217 Multiple Shipping And Billing Address For Woocommerce different-shipping-and-billing-address-for-woocommerce allows SQL Injection.This issue affects Multiple…
- risk 0.60cvss 9.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in sslplugins SSL Wireless SMS Notification ssl-wireless-sms-notification allows SQL Injection.This issue affects SSL Wireless SMS Notification: from n/a through <= 3.5.0.
- risk 0.60cvss 9.3epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes VibeBP vibebp allows SQL Injection.This issue affects VibeBP: from n/a through < 1.9.9.7.7.
- risk 0.60cvss 9.3epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design WPBookit wpbookit allows SQL Injection.This issue affects WPBookit: from n/a through <= 1.6.0.
- risk 0.60cvss 9.3epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BinaryCarpenter LaunchPage.app Importer launchpage-app-importer allows SQL Injection.This issue affects LaunchPage.app Importer: from n/a through <= 1.1.
- risk 0.60cvss 9.3epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in tenteeglobal Instant Appointment instant-appointment allows SQL Injection.This issue affects Instant Appointment: from n/a through <= 1.2.
- risk 0.60cvss 9.3epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wp-buy Limit Login Attempts wp-limit-failed-login-attempts allows SQL Injection.This issue affects Limit Login Attempts: from n/a through <= 5.5.
- risk 0.60cvss 9.3epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in roninwp Revy revy.This issue affects Revy: from n/a through <= 1.18.
- risk 0.60cvss 9.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Marka WordPress Auction Plugin wp-auctions allows SQL Injection.This issue affects WordPress Auction Plugin: from n/a through <= 3.7.
- risk 0.60cvss 9.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in roninwp FAT Services Booking fat-services-booking.This issue affects FAT Services Booking: from n/a through <= 5.6.
- risk 0.60cvss 9.3epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Сервис “Экспресс Платежи” Express Payments Module express-pay allows Blind SQL Injection.This issue affects Express Payments Module: from n/a through <=…
- risk 0.60cvss 9.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pressaholic WordPress Video Robot - The Ultimate Video Importer allows SQL Injection.This issue affects WordPress Video Robot - The Ultimate Video Importer: from n/a through…