Vulnerabilities protected by our SQL Injection firewall rule

1,958,600
Attacks Blocked in Past 24 Hours

Showing 101-120 of 1,444 Vulnerabilities

Title CVE ID CVSS Vector Date
Cost Calculator Builder <= 3.2.15 - Unauthenticated SQL Injection CVE-2024-43144 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H August 7, 2024
Viral Signup <= 2.1 - Unauthenticated SQL Injection CVE-2024-6926 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H August 7, 2024
Horizontal scrolling announcements <= 2.4 - Authenticated (Contributor+) SQL Injection via Shortcode CVE-2023-5000 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H August 5, 2024
VikRentCar <= 1.4.0 - Unauthenticated SQL Injection CVE-2024-39653 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H August 1, 2024
Easy Digital Downloads <= 3.2.12 - Unauthenticated SQL Injection CVE-2024-5057 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H August 1, 2024
Salon booking system <= 10.7 - Authenticated (Administrator+) SQL Injection CVE-2024-39658 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H August 1, 2024
WP User Frontend <= 4.0.7 - Authenticated (Administrator+) SQL Injection CVE-2024-38693 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H August 1, 2024
Registrations for the Events Calendar – Event Registration Plugin <= 2.12.2 - Authenticated (Contributor+) SQL Injection CVE-2024-39638 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H July 30, 2024
Chatbot with ChatGPT <= 2.4.4 - Unauthenticated SQL Injection CVE-2024-6847 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H July 29, 2024
ListingPro Plugin <= 2.9.3 - Unauthenticated SQL Injection CVE-2024-38795 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H July 22, 2024
ListingPro Plugin <= 2.9.3 - Authenticated (Subscriber+) SQL Injection CVE-2024-39620 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H July 22, 2024
ListingPro <= 2.9.3 - Unauthenticated SQL Injection CVE-2024-39622 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H July 22, 2024
Best Restaurant Menu by PriceListo <= 1.4.1 - Authenticated (Contributor+) SQL Injection CVE-2024-38793 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H July 22, 2024
UiPress lite <= 3.4.06 - Authenticated (Administrator+) SQL Injection CVE-2024-38788 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H July 19, 2024
FormLift for Infusionsoft Web Forms <= 7.5.17 - Unauthenticated SQL Injection CVE-2024-38773 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H July 19, 2024
Barcode Scanner with Inventory & Order Manager <= 1.6.1 - Authenticated (Subscriber+) SQL Injection CVE-2024-38708 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H July 11, 2024
DirectoryPress <= 3.6.10 - Authenticated (Contributor+) SQL Injection CVE-2024-38755 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H July 11, 2024
Spiffy Calendar <= 4.9.11 - Authenticated (Administrator+) SQL Injection CVE-2024-38692 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H July 10, 2024
WP ERP <= 1.13.0 - Authenticated (Accounting Manager+) SQL Injection via vendor_id CVE-2024-6666 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H July 10, 2024
PayPlus Payment Gateway <= 7.0.7 - Authenticated (Subscriber+) SQL Injection CVE-2024-37564 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H July 9, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation