Vulnerabilities protected by our SQL Injection firewall rule

1,758,561
Attacks Blocked in Past 24 Hours

Showing 121-140 of 1,444 Vulnerabilities

Title CVE ID CVSS Vector Date
WpStickyBar – Sticky Bar, Sticky Header <= 2.1.0 - Unauthenticated SQL Injection CVE-2024-5765 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H July 9, 2024
CZ Loan Management <= 1.1 - Unauthenticated SQL Injection CVE-2024-5975 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H July 9, 2024
Woocommerce OpenPos <= 6.4.4 - Unauthenticated SQL Injection CVE-2024-37933 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H July 9, 2024
OSM – OpenStreetMap <= 6.0.3 - Authenticated (Contributor+) SQL Injection CVE-2024-3604 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H July 8, 2024
Youzify <= 1.2.5 - Authenticated (Contributor+) SQL Injection CVE-2024-37494 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H July 4, 2024
Paid Memberships Pro <= 3.0.5 - Authenticated (Administrator+) SQL Injection CVE-2024-37486 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H July 4, 2024
Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.25 - Unauthenticated SQL Injection via unsubscribe CVE-2024-6172 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H July 1, 2024
PayPlus Payment Gateway <= 6.6.8 - Unauthenticated SQL Injection CVE-2024-6205 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H June 28, 2024
WordPress Plugin for Google Maps – WP MAPS <= 4.6.1 - Authenticated (Contributor+) SQL Injection CVE-2024-2386 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H June 28, 2024
Zoho Marketing Automation <= 1.2.7 - Authenticated (Contributor+) SQL Injection CVE-2024-37225 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H June 21, 2024
Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.23 - Unauthenticated SQL Injection via optin CVE-2024-5756 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H June 20, 2024
WishList Member X <= 3.25.1 - Unauthenticated Arbitrary SQL Execution CVE-2024-37112 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H June 20, 2024
Consulting Elementor Widgets <= 1.3.0 - Authenticated (Contributor+) SQL Injection CVE-2024-37090 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H June 20, 2024
Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.2.5 - Authenticated (Contributor+) SQL Injection CVE-2024-4742 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H June 19, 2024
WP Hotel Booking <= 2.1.0 - Unauthenticated SQL Injection CVE-2024-3605 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H June 19, 2024
Dokan Pro <= 3.10.3 - Unauthenticated SQL Injection CVE-2024-3922 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H June 11, 2024
Blog2Social: Social Media Auto Post & Scheduler <= 7.4.1 - Authenticated (Subscriber+) SQL Injection CVE-2024-3549 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H June 10, 2024
Music Store - WordPress eCommerce <= 1.1.13 - Authenticated (Admin+) SQL Injection CVE-2024-36082 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H June 10, 2024
Tutor LMS – eLearning and online course solution <= 2.7.1 -Authenticated (Administrator+) SQL Injection CVE-2024-4902 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H June 6, 2024
Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress <= 9.0.1 - Authenticated (Contributor+) SQL Injection CVE-2024-3592 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H June 6, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation