Vulnerabilities protected by our SQL Injection firewall rule

1,621,168
Attacks Blocked in Past 24 Hours

Showing 141-160 of 1,444 Vulnerabilities

Title CVE ID CVSS Vector Date
Gallery – Image and Video Gallery with Thumbnails <= 2.0.3 - Authenticated (Contributor+) SQL Injection CVE-2024-35750 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H June 6, 2024
Visualizer <= 3.11.1 - Authenticated (Subscriber+) SQL Injection CVE-2024-35736 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H June 6, 2024
Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress <= 1.7.2 - Authenticated (Author+) SQL Injection CVE-2024-35678 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H June 5, 2024
wpDataTables - Tables & Table Charts (Premium) <= 6.3.1 - Unauthenticated SQL Injection CVE-2024-3820 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H May 31, 2024
wpForo Forum <= 2.3.3 - Authenticated (Contributor+) SQL Injection CVE-2024-3200 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H May 31, 2024
HTML5 Video Player <= 2.5.26 - Unauthenticated SQL Injection CVE-2024-5522 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H May 30, 2024
Push Notification for Post and BuddyPress <= 1.93 - Unauthenticated SQL Injection CVE-2024-6159 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H May 27, 2024
WP TripAdvisor Review Slider <= 12.6 - Authenticated (Administrator+) SQL Injection CVE-2024-35630 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H May 27, 2024
Search & Replace <= 3.2.1 - Authenticated (Administrator+) SQL injection CVE-2024-4145 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H May 23, 2024
Web Directory Free <= 1.6.9 - Unauthenticated SQL Injection CVE-2024-3552 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H May 23, 2024
Unlimited Elements for Elementor <= 1.5.107 - Authenticated (Contributor+) SQL Injection via data[post_ids][0] CVE-2024-4779 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H May 22, 2024
Shipment Tracking, Tracking, and Order Tracking for WooCommerce – ParcelPanel (Free to install) <= 3.8.2 - Authenticated (Subscriber+) SQL Injection CVE-2024-34412 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H May 6, 2024
KKProgressbar2 Free <= 1.1.4.2 - Authenticated (Admin+) SQL Injection CVE-2024-4533 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H May 6, 2024
WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting <= 1.13.1 - Authenticated (AccountingManager+) SQL Injection CVE-2024-1173 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H May 1, 2024
Calendar <= 1.3.14 - Authenticated (Contributor+) SQL Injection via Shortcode CVE-2024-2831 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H April 29, 2024
School Management Pro <= 10.3.4 - Authenticated (School Admin+) SQL Injection CVE-2024-33911 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H April 29, 2024
rtMedia for WordPress, BuddyPress and bbPress <= 4.6.18 - Authenticated (Subscriber+) SQL Injection 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H April 29, 2024
ENL Newsletter <= 1.0.1 - Authenticated (Admin+) SQL Injection CVE-2024-3060 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H April 26, 2024
Timetable and Event Schedule by MotoPress <= 2.4.11 - Authenticated (Contributor+) SQL Injection CVE-2024-3342 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H April 26, 2024
WP ULike – Most Advanced WordPress Marketing Toolkit <= 4.6.9 - Authenticated (Contributor+) SQL Injection via Shortcodes CVE-2024-1797 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H April 26, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation