| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho Flow Zoho Flow zoho-flow allows SQL Injection.This issue affects Zoho Flow: from n/a through <= 2.7.1. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ninja Team Multi Step for Contact Form cf7-multi-step allows SQL Injection.This issue affects Multi Step for Contact Form: from n/a through <= 2.7.7. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aman FunnelKit Automations wp-marketing-automations allows SQL Injection.This issue affects FunnelKit Automations: from n/a through <= 3.1.2. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle MPG multiple-pages-generator-by-porthas allows SQL Injection.This issue affects MPG: from n/a through <= 3.4.7. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Grim Classic Editor and Classic Widgets classic-editor-and-classic-widgets allows SQL Injection.This issue affects Classic Editor and Classic Widgets: from n/a through <= 1.4.1. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shahjahan Jewel Fluent Support fluent-support allows SQL Injection.This issue affects Fluent Support: from n/a through <= 1.8.0. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows SQL Injection.This issue affects WPCargo Track & Trace: from n/a through <= 8.0.2. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder superstorefinder-wp.This issue affects Super Store Finder: from n/a through < 6.9.8. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder superstorefinder-wp.This issue affects Super Store Finder: from n/a through <= 6.9.7. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro listingpro allows SQL Injection.This issue affects ListingPro: from n/a through <= 2.9.4. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro listingpro-plugin allows SQL Injection.This issue affects ListingPro: from n/a through <= 2.9.4. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro listingpro-plugin allows SQL Injection.This issue affects ListingPro: from n/a through <= 2.9.4. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through <= 1.6.1. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Katie Zotpress zotpress.This issue affects Zotpress: from n/a through <= 7.3.7. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pierre Lannoy DecaLog decalog.This issue affects DecaLog: from n/a through <= 3.9.0. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.0.27. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through <= 21.3.2. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through <= 21.3.4. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.9. |
| Chamilo is an open-source learning management system (LMS). Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an incomplete fix for CVE-2026-30881. While CVE-2026-30881 was patched by applying Security::remove_XSS() to the date_start and date_end parameters in the get_user_registration_by_month action, the same parameters remain unsanitized in the users_active action within the same file (public/main/inc/ajax/statistics.ajax.php), where they are directly interpolated into a SQL query. An authenticated admin can exploit this to perform time-based blind SQL injection, enabling extraction of arbitrary data from the database. This issue has been fixed in version 2.0.0. |
