Vulnerabilities protected by our SQL Injection firewall rule

1,517,181
Attacks Blocked in Past 24 Hours

Showing 441-460 of 1,444 Vulnerabilities

Order Your Posts Manually <= 2.2.5 - Authenticated (Administrator+) SQL Injection via 'sortdata'
7.2
CVE-2023-32508
May 10, 2023
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AP Pricing Tables Lite <= 1.1.6 - Authenticated (Admin+) SQL Injection
7.2
CVE-2023-0900
May 10, 2023
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Ultimate Addons for Contact Form 7 <= 3.1.23 - Unauthenticated SQL Injection via form_id
9.8
CVE-2022-47586
May 9, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Zero Spam <= 5.4.4 - Authenticated (Administrator+) SQL Injection
7.2
CVE-2023-32121
May 9, 2023
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Zero Spam for WordPress <= 5.4.4 - Authenticated(Administrator+) SQL Injection
7.2
CVE ID Unknown
May 8, 2023
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Cryptocurrency Donation Box – Bitcoin & Crypto Donations <= 2.2.7 - Authenticated (Administrator+) SQL Injection
7.2
CVE-2023-32128
May 5, 2023
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CM Pop-Up banners <= 1.5.10 - Authenticated (Subscriber+) SQL Injection via getStatistics
8.8
CVE-2023-30750
May 3, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
HollerBox <= 2.1.3 - Authenticated (edit_popups+) SQL Injection
6.6
CVE-2023-2111
May 2, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Easy Bet <= 1.0.7 - Authenticated(Contributor+) SQL Injection
8.8
CVE-2023-31092
Apr 26, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Custom 404 Pro <= 3.8.0 - Unauthenticated SQL Injection via 's'
9.8
CVE-2023-2032
Apr 25, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
YARPP - Yet Another Related Posts Plugin <= 5.30.2 - Authenticated (Subscriber+) SQL Injection via Shortcode
8.8
CVE-2023-0579
Apr 25, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Custom 404 Pro <= 3.7.2 - Unauthenticated SQL Injection
9.8
CVE ID Unknown
Apr 25, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Elementor <= 3.12.1 - Authenticated(Administrator+) SQL Injection via 'replace_urls'
6.6
CVE-2023-0329
Apr 24, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
BSK Forms Blacklist <= 3.6.2 - Authenticated (Administrator+) SQL Injection via 'order' and 'orderby'
7.2
CVE-2023-30872
Apr 24, 2023
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Ultimate Addons for Contact Form 7 <= 3.1.23 - Authenticated (Subscriber+) SQL Injection via id
8.8
CVE-2023-30495
Apr 24, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
WP Visitor Statistics (Real Time Traffic) <= 6.8.1 - Unauthenticated SQL Injection
9.8
CVE-2023-0600
Apr 24, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
HTTP Headers <= 1.18.8 - Authenticated(Administrator+) SQL Injection
6.6
CVE-2023-1207
Apr 24, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Accessibility Suite by Online ADA <= 4.12 - Authenticated (Subscriber+) SQL Injection
8.8
CVE-2022-47420
Apr 19, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Booking calendar, Appointment Booking System <= 3.2.6 - Authenticated (Administrator+) SQL Injection via *_selected
7.2
CVE-2022-47428
Apr 19, 2023
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
ReviewX – Multi-criteria Rating & Reviews for WooCommerce <= 1.6.8 - Authenticated (Subscriber+) SQL Injection
8.8
CVE-2023-26325
Apr 19, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Title CVE ID CVSS Vector Date
Order Your Posts Manually <= 2.2.5 - Authenticated (Administrator+) SQL Injection via 'sortdata' CVE-2023-32508 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H May 10, 2023
AP Pricing Tables Lite <= 1.1.6 - Authenticated (Admin+) SQL Injection CVE-2023-0900 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H May 10, 2023
Ultimate Addons for Contact Form 7 <= 3.1.23 - Unauthenticated SQL Injection via form_id CVE-2022-47586 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H May 9, 2023
Zero Spam <= 5.4.4 - Authenticated (Administrator+) SQL Injection CVE-2023-32121 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H May 9, 2023
Zero Spam for WordPress <= 5.4.4 - Authenticated(Administrator+) SQL Injection 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H May 8, 2023
Cryptocurrency Donation Box – Bitcoin & Crypto Donations <= 2.2.7 - Authenticated (Administrator+) SQL Injection CVE-2023-32128 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H May 5, 2023
CM Pop-Up banners <= 1.5.10 - Authenticated (Subscriber+) SQL Injection via getStatistics CVE-2023-30750 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H May 3, 2023
HollerBox <= 2.1.3 - Authenticated (edit_popups+) SQL Injection CVE-2023-2111 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H May 2, 2023
Easy Bet <= 1.0.7 - Authenticated(Contributor+) SQL Injection CVE-2023-31092 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H April 26, 2023
Custom 404 Pro <= 3.8.0 - Unauthenticated SQL Injection via 's' CVE-2023-2032 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H April 25, 2023
YARPP - Yet Another Related Posts Plugin <= 5.30.2 - Authenticated (Subscriber+) SQL Injection via Shortcode CVE-2023-0579 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H April 25, 2023
Custom 404 Pro <= 3.7.2 - Unauthenticated SQL Injection 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H April 25, 2023
Elementor <= 3.12.1 - Authenticated(Administrator+) SQL Injection via 'replace_urls' CVE-2023-0329 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H April 24, 2023
BSK Forms Blacklist <= 3.6.2 - Authenticated (Administrator+) SQL Injection via 'order' and 'orderby' CVE-2023-30872 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H April 24, 2023
Ultimate Addons for Contact Form 7 <= 3.1.23 - Authenticated (Subscriber+) SQL Injection via id CVE-2023-30495 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H April 24, 2023
WP Visitor Statistics (Real Time Traffic) <= 6.8.1 - Unauthenticated SQL Injection CVE-2023-0600 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H April 24, 2023
HTTP Headers <= 1.18.8 - Authenticated(Administrator+) SQL Injection CVE-2023-1207 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H April 24, 2023
Accessibility Suite by Online ADA <= 4.12 - Authenticated (Subscriber+) SQL Injection CVE-2022-47420 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H April 19, 2023
Booking calendar, Appointment Booking System <= 3.2.6 - Authenticated (Administrator+) SQL Injection via *_selected CVE-2022-47428 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H April 19, 2023
ReviewX – Multi-criteria Rating & Reviews for WooCommerce <= 1.6.8 - Authenticated (Subscriber+) SQL Injection CVE-2023-26325 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H April 19, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation