Search Results (19582 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-57663 | | | 2026-06-26 | 8.5 High |
| Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes <= 8.2.7 versions. | ||||
| CVE-2026-54820 | | | 2026-06-26 | 9.3 Critical |
| Unauthenticated SQL Injection in JetBooking <= 4.0.4.1 versions. | ||||
| CVE-2026-56036 | | | 2026-06-26 | 9.3 Critical |
| Unauthenticated SQL Injection in 워드프레스 결제 심플페이 <= 5.5.6 versions. | ||||
| CVE-2026-57644 | | | 2026-06-26 | 8.5 High |
| Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions. | ||||
| CVE-2026-56067 | | | 2026-06-26 | 9.3 Critical |
| Unauthenticated SQL Injection in JetSmartFilters <= 3.8.3 versions. | ||||
| CVE-2026-57628 | | | 2026-06-26 | 7.6 High |
| Administrator SQL Injection in WP All Import <= 4.0.1 versions. | ||||
| CVE-2026-13226 | 2 Trainingbusinesspros, Wordpress | 2 Groundhogg — Crm, Newsletters, And Marketing Automation, Wordpress | 2026-06-26 | 6.5 Medium |
| The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'after' parameter in all versions up to, and including, 4.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Sales Manager-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The AJAX handler wp_ajax_groundhogg_get_contacts_table has its capability check commented out and performs no nonce verification, meaning any authenticated user regardless of role can reach the vulnerable code path. | ||||
| CVE-2026-57667 | | | 2026-06-26 | 8.5 High |
| Sales Representative SQL Injection in Groundhogg <= 4.5 versions. | ||||
| CVE-2026-56068 | | | 2026-06-26 | 9.3 Critical |
| Unauthenticated SQL Injection in JetEngine <= 3.8.10.2 versions. | ||||
| CVE-2026-56034 | | | 2026-06-26 | 9.3 Critical |
| Unauthenticated SQL Injection in Library Management System <= 3.5.7 versions. | ||||
| CVE-2016-20069 | 2 Dwbooster, Wordpress | 2 Booking Calendar Contact Form, Wordpress | 2026-06-26 | 8.2 High |
| WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in database queries. Attackers can inject SQL commands through the calendar shortcode parameter to execute arbitrary SQL queries and extract sensitive database information. | ||||
| CVE-2016-20068 | 2 Dwbooster, Wordpress | 2 Booking Calendar Contact Form, Wordpress | 2026-06-26 | 8.2 High |
| WordPress Booking Calendar Contact Form version 1.0.23 contains an unauthenticated blind SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send requests to the admin-ajax.php endpoint with the action parameter set to 'dex_bccf_calendar_ajaxevent' and supply crafted SQL commands in the 'id' parameter to extract sensitive database information. | ||||
| CVE-2026-39502 | 2 10web, Wordpress | 2 Form Maker, Wordpress | 2026-06-26 | 9.3 Critical |
| Unauthenticated SQL Injection in Form Maker by 10Web <= 1.15.38 versions. | ||||
| CVE-2026-54813 | 2 Brainstorm Force, Wordpress | 2 Suredash, Wordpress | 2026-06-26 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brainstorm Force SureDash allows Blind SQL Injection. This issue affects SureDash: from n/a through 1.8.0. | ||||
| CVE-2026-35068 | 1 Dell | 1 Powerflex | 2026-06-26 | 3.5 Low |
| Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to information disclosure. | ||||
| CVE-2026-35069 | 1 Dell | 1 Powerflex | 2026-06-26 | 5.7 Medium |
| Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection. | ||||
| CVE-2026-12937 | 2 Themefic, Wordpress | 2 Tourfic – Ai Powered Travel Booking, Hotel Booking & Car Rental Wordpress Plugin, Wordpress | 2026-06-26 | 7.5 High |
| The Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress Plugin plugin for WordPress is vulnerable to generic SQL Injection via the 'post_id' parameter in all versions up to, and including, 2.22.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The AJAX handler is registered for unauthenticated users via wp_ajax_nopriv_tf_room_availability, and the required nonce is emitted on the public single-hotel page template, allowing unauthenticated attackers to freely obtain a valid nonce and reach the vulnerable code path. | ||||
| CVE-2026-54838 | 2 Rymera Web Co, Wordpress | 2 Wc Vendors Marketplace, Wordpress | 2026-06-26 | 8.5 High |
| Subscriber SQL Injection in WC Vendors Marketplace <= 2.6.8 versions. | ||||
| CVE-2026-54843 | 2 Pluginus.net, Wordpress | 2 Mdtf, Wordpress | 2026-06-26 | 9.3 Critical |
| Unauthenticated SQL Injection in MDTF <= 1.3.7 versions. | ||||
| CVE-2026-54836 | 2 Wordpress, Ymc | 2 Wordpress, Ymc Filter | 2026-06-26 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YMC Filter allows SQL Injection. This issue affects YMC Filter: from n/a through 3.11.5. | ||||