Vulnerabilities protected by our SQL Injection firewall rule

1,415,065
Attacks Blocked in Past 24 Hours

Showing 581-600 of 1,444 Vulnerabilities

SW Contact Form <= 1.0 - Authenticated (Subscriber+) SQL Injection
8.8
CVE-2024-49612
Oct 18, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
MyTweetLinks <= 1.1.1 - Authenticated (Subscriber+) SQL Injection
8.8
CVE-2024-49618
Oct 18, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
APA Register Newsletter Form <= 1.0.0 - Cross-Site Request Forgery to SQL Injection
8.8
CVE-2024-49621
Oct 18, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Social Link Groups <= 1.1.0 - Authenticated (Contributor+) SQL Injection
8.8
CVE-2024-49619
Oct 18, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Apa Banner Slider <= 1.0.0 - Cross-Site Request Forgery to SLQ Injection
8.8
CVE-2024-49622
Oct 17, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Horizontal scrolling announcements <= 2.4 - Authenticated (Contributor+) SQL Injection via Shortcode
8.8
CVE-2023-5000
Aug 5, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Best Restaurant Menu by PriceListo <= 1.4.1 - Authenticated (Contributor+) SQL Injection
8.8
CVE-2024-38793
Jul 22, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
WP ERP <= 1.13.0 - Authenticated (Accounting Manager+) SQL Injection via vendor_id
8.8
CVE-2024-6666
Jul 10, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
WordPress Plugin for Google Maps – WP MAPS <= 4.6.1 - Authenticated (Contributor+) SQL Injection
8.8
CVE-2024-2386
Jun 28, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Unlimited Elements for Elementor <= 1.5.107 - Authenticated (Contributor+) SQL Injection via data[post_ids][0]
8.8
CVE-2024-4779
May 22, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
rtMedia for WordPress, BuddyPress and bbPress <= 4.6.18 - Authenticated (Subscriber+) SQL Injection
8.8
CVE ID Unknown
Apr 29, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Calendar <= 1.3.14 - Authenticated (Contributor+) SQL Injection via Shortcode
8.8
CVE-2024-2831
Apr 29, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
WP ULike – Most Advanced WordPress Marketing Toolkit <= 4.6.9 - Authenticated (Contributor+) SQL Injection via Shortcodes
8.8
CVE-2024-1797
Apr 26, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Shopping Cart & eCommerce Store <= 5.6.3 - Authenticated (Contributor+) SQL Injection
8.8
CVE-2024-3211
Apr 11, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
WP Directory Kit <= 1.3.0 - Authenticated (Subscriber+) SQL Injection
8.8
CVE-2024-3217
Apr 4, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
REHub Framework < 19.6.2 - Authenticated (Subscriber+) SQL Injection
8.8
CVE-2024-31234
Apr 3, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Rehub <= 19.6.1 - Authenticated (Subscriber+) SQL Injection
8.8
CVE-2024-31233
Apr 3, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Pods - Custom Content Types and Fields - Authenticated (Contributor+) SQL Injection via Shortcode
8.8
CVE-2023-6967
Mar 28, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting <= 1.12.9 - Authenticated (Subscriber+) SQL Injection
8.8
CVE-2024-0608
Mar 28, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.3.1.0 - Authenticated (Contributor+) SQL Injection via Shortcode
8.8
CVE-2024-1990
Mar 26, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Title CVE ID CVSS Vector Date
SW Contact Form <= 1.0 - Authenticated (Subscriber+) SQL Injection CVE-2024-49612 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H October 18, 2024
MyTweetLinks <= 1.1.1 - Authenticated (Subscriber+) SQL Injection CVE-2024-49618 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H October 18, 2024
APA Register Newsletter Form <= 1.0.0 - Cross-Site Request Forgery to SQL Injection CVE-2024-49621 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H October 18, 2024
Social Link Groups <= 1.1.0 - Authenticated (Contributor+) SQL Injection CVE-2024-49619 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H October 18, 2024
Apa Banner Slider <= 1.0.0 - Cross-Site Request Forgery to SLQ Injection CVE-2024-49622 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H October 17, 2024
Horizontal scrolling announcements <= 2.4 - Authenticated (Contributor+) SQL Injection via Shortcode CVE-2023-5000 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H August 5, 2024
Best Restaurant Menu by PriceListo <= 1.4.1 - Authenticated (Contributor+) SQL Injection CVE-2024-38793 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H July 22, 2024
WP ERP <= 1.13.0 - Authenticated (Accounting Manager+) SQL Injection via vendor_id CVE-2024-6666 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H July 10, 2024
WordPress Plugin for Google Maps – WP MAPS <= 4.6.1 - Authenticated (Contributor+) SQL Injection CVE-2024-2386 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H June 28, 2024
Unlimited Elements for Elementor <= 1.5.107 - Authenticated (Contributor+) SQL Injection via data[post_ids][0] CVE-2024-4779 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H May 22, 2024
rtMedia for WordPress, BuddyPress and bbPress <= 4.6.18 - Authenticated (Subscriber+) SQL Injection 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H April 29, 2024
Calendar <= 1.3.14 - Authenticated (Contributor+) SQL Injection via Shortcode CVE-2024-2831 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H April 29, 2024
WP ULike – Most Advanced WordPress Marketing Toolkit <= 4.6.9 - Authenticated (Contributor+) SQL Injection via Shortcodes CVE-2024-1797 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H April 26, 2024
Shopping Cart & eCommerce Store <= 5.6.3 - Authenticated (Contributor+) SQL Injection CVE-2024-3211 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H April 11, 2024
WP Directory Kit <= 1.3.0 - Authenticated (Subscriber+) SQL Injection CVE-2024-3217 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H April 4, 2024
REHub Framework < 19.6.2 - Authenticated (Subscriber+) SQL Injection CVE-2024-31234 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H April 3, 2024
Rehub <= 19.6.1 - Authenticated (Subscriber+) SQL Injection CVE-2024-31233 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H April 3, 2024
Pods - Custom Content Types and Fields - Authenticated (Contributor+) SQL Injection via Shortcode CVE-2023-6967 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H March 28, 2024
WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting <= 1.12.9 - Authenticated (Subscriber+) SQL Injection CVE-2024-0608 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H March 28, 2024
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.3.1.0 - Authenticated (Contributor+) SQL Injection via Shortcode CVE-2024-1990 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H March 26, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation