CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

BaseStableLikelihood: High

Description

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Hierarchy (View 1000)

Parents

CWE-943

Children

CWE-564

Related attack patterns (CAPEC)

CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7

CVEs mapped to this weakness (8,833)

page 73 of 442

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2024-30535	WordPress Easy Form Builder	Hig	0.55	8.5	0.00	Mar 31, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WhiteStudio Easy Form Builder.This issue affects Easy Form Builder: from n/a through 3.7.4.
CVE-2024-30489	WordPress Wp Estimation Form	Hig	0.55	8.5	0.00	Mar 31, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in loopus WP Cost Estimation & Payment Forms Builder.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.75.
CVE-2024-30499	Crmperks CRM Perks Forms	Hig	0.55	8.5	0.00	Mar 29, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks CRM Perks Forms.This issue affects CRM Perks Forms: from n/a through 1.1.4.
CVE-2024-30497	I13websolution Wp Responsive Tabs	Hig	0.55	8.5	0.00	Mar 29, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in I Thirteen Web Solution WP Responsive Tabs horizontal vertical and accordion Tabs.This issue affects WP Responsive Tabs horizontal vertical and accordion Tabs: from n/a through 1.1.17.
CVE-2024-30496	Bdthemes Element Pack	Hig	0.55	8.5	0.00	Mar 29, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BdThemes Element Pack Elementor Addons.This issue affects Element Pack Elementor Addons: from n/a through 5.5.3.
CVE-2024-30488	Katieseaborn Zotpress	Hig	0.55	8.5	0.00	Mar 29, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Katie Zotpress zotpress.This issue affects Zotpress: from n/a through <= 7.3.7.
CVE-2024-30486	Maxfoundry Media Library Folders	Hig	0.55	8.5	0.01	Mar 29, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Max Foundry Media Library Folders.This issue affects Media Library Folders: from n/a through 8.1.7.
CVE-2023-39309	Avada Fusion Builder	Hig	0.55	8.5	0.00	Mar 28, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through 3.11.1.
CVE-2024-30244	Church Admin Project Church Admin	Hig	0.55	8.5	0.00	Mar 28, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.0.27.
CVE-2024-30243	WordPress Wordpress Tooltips	Hig	0.55	8.5	0.00	Mar 28, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tomas WordPress Tooltips.This issue affects WordPress Tooltips: from n/a before 9.4.5.
CVE-2024-30242	WordPress Contact Form To Any Api	Hig	0.55	8.5	0.00	Mar 28, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IT Path Solutions Contact Form to Any API.This issue affects Contact Form to Any API: from n/a through 1.1.8.
CVE-2024-30240	WordPress Calendarista	Hig	0.55	8.5	0.00	Mar 28, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Typps Calendarista.This issue affects Calendarista: from n/a through 15.5.7.
CVE-2024-30239	WordPress Zoho Campaigns	Hig	0.55	8.5	0.00	Mar 28, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho Campaigns.This issue affects Zoho Campaigns: from n/a through 2.0.6.
CVE-2024-30236	Contest Gallery Contest Gallery	Hig	0.55	8.5	0.01	Mar 28, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through <= 21.3.4.
CVE-2024-30238	Contest Gallery Contest Gallery	Hig	0.55	8.5	0.01	Mar 27, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through <= 21.3.2.
CVE-2024-24868	Smartypantsplugins Sp Project \& Document Manager	Hig	0.55	8.5	0.00	Feb 28, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager: from n/a through 4.69.
CVE-2024-23507	Instawp Instawp Connect	Hig	0.55	8.5	0.00	Jan 31, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.9.
CVE-2024-22283	Delhivery Logistics Courier	Hig	0.55	8.5	0.00	Jan 27, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Delhivery Delhivery Logistics Courier.This issue affects Delhivery Logistics Courier: from n/a through 1.0.107.
CVE-2023-52204	Javik Randomize	Hig	0.55	8.5	0.00	Jan 8, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Javik Randomize.This issue affects Randomize: from n/a through 1.4.3.
CVE-2023-52133	Whiletrue Most And Least Read Posts Widget	Hig	0.55	8.5	0.00	Dec 31, 2023	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WhileTrue Most And Least Read Posts Widget.This issue affects Most And Least Read Posts Widget: from n/a through 2.5.16.

CVE-2024-30535HigMar 31, 2024
WordPress
Easy Form Builder
risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WhiteStudio Easy Form Builder.This issue affects Easy Form Builder: from n/a through 3.7.4.
CVE-2024-30489HigMar 31, 2024
WordPress
Wp Estimation Form
risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in loopus WP Cost Estimation & Payment Forms Builder.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.75.
CVE-2024-30499HigMar 29, 2024
Crmperks
CRM Perks Forms
risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks CRM Perks Forms.This issue affects CRM Perks Forms: from n/a through 1.1.4.
CVE-2024-30497HigMar 29, 2024
I13websolution
Wp Responsive Tabs
risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in I Thirteen Web Solution WP Responsive Tabs horizontal vertical and accordion Tabs.This issue affects WP Responsive Tabs horizontal vertical and accordion Tabs: from n/a through 1.1.17.
CVE-2024-30496HigMar 29, 2024
Bdthemes
Element Pack
risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BdThemes Element Pack Elementor Addons.This issue affects Element Pack Elementor Addons: from n/a through 5.5.3.
CVE-2024-30488HigMar 29, 2024
Katieseaborn
Zotpress
risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Katie Zotpress zotpress.This issue affects Zotpress: from n/a through <= 7.3.7.
CVE-2024-30486HigMar 29, 2024
Maxfoundry
Media Library Folders
risk 0.55cvss 8.5epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Max Foundry Media Library Folders.This issue affects Media Library Folders: from n/a through 8.1.7.
CVE-2023-39309HigMar 28, 2024
Avada
Fusion Builder
risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through 3.11.1.
CVE-2024-30244HigMar 28, 2024
Church Admin Project
Church Admin
risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.0.27.
CVE-2024-30243HigMar 28, 2024
WordPress
Wordpress Tooltips
risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tomas WordPress Tooltips.This issue affects WordPress Tooltips: from n/a before 9.4.5.
CVE-2024-30242HigMar 28, 2024
WordPress
Contact Form To Any Api
risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IT Path Solutions Contact Form to Any API.This issue affects Contact Form to Any API: from n/a through 1.1.8.
CVE-2024-30240HigMar 28, 2024
WordPress
Calendarista
risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Typps Calendarista.This issue affects Calendarista: from n/a through 15.5.7.
CVE-2024-30239HigMar 28, 2024
WordPress
Zoho Campaigns
risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho Campaigns.This issue affects Zoho Campaigns: from n/a through 2.0.6.
CVE-2024-30236HigMar 28, 2024
Contest Gallery
Contest Gallery
risk 0.55cvss 8.5epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through <= 21.3.4.
CVE-2024-30238HigMar 27, 2024
Contest Gallery
Contest Gallery
risk 0.55cvss 8.5epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through <= 21.3.2.
CVE-2024-24868HigFeb 28, 2024
Smartypantsplugins
Sp Project \& Document Manager
risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager: from n/a through 4.69.
CVE-2024-23507HigJan 31, 2024
Instawp
Instawp Connect
risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.9.
CVE-2024-22283HigJan 27, 2024
Delhivery
Logistics Courier
risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Delhivery Delhivery Logistics Courier.This issue affects Delhivery Logistics Courier: from n/a through 1.0.107.
CVE-2023-52204HigJan 8, 2024
Javik
Randomize
risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Javik Randomize.This issue affects Randomize: from n/a through 1.4.3.
CVE-2023-52133HigDec 31, 2023
Whiletrue
Most And Least Read Posts Widget
risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WhileTrue Most And Least Read Posts Widget.This issue affects Most And Least Read Posts Widget: from n/a through 2.5.16.