Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-33209 | 1 Crawlspider | 1 Seo Change Monitor | 2023-12-26 | N/A | 8.1 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CrawlSpider SEO Change Monitor – Track Website Changes.This issue affects SEO Change Monitor – Track Website Changes: from n/a through 1.2. | |||||
| CVE-2023-33330 | 1 Woocommerce | 1 Automatewoo | 2023-12-26 | N/A | 8.1 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce AutomateWoo.This issue affects AutomateWoo: from n/a through 4.9.50. | |||||
| CVE-2023-49825 | 1 Pencidesign | 1 Soledad | 2023-12-26 | N/A | 8.1 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme.This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1. | |||||
| CVE-2023-30495 | 1 Themefic | 1 Ultimate Addons For Contact Form 7 | 2023-12-26 | N/A | 8.1 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Ultimate Addons for Contact Form 7.This issue affects Ultimate Addons for Contact Form 7: from n/a through 3.1.23. | |||||
| CVE-2023-30750 | 1 Cminds | 1 Cm Popup | 2023-12-26 | N/A | 8.1 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CreativeMindsSolutions CM Popup Plugin for WordPress.This issue affects CM Popup Plugin for WordPress: from n/a through 1.5.10. | |||||
| CVE-2023-30872 | 1 Bannersky | 1 Bsk Forms Blacklist | 2023-12-26 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BannerSky BSK Forms Blacklist.This issue affects BSK Forms Blacklist: from n/a through 3.6.2. | |||||
| CVE-2022-43318 | 1 Oretnom23 | 1 Human Resource Management System | 2023-12-26 | N/A | 8.8 HIGH |
| Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the stateedit parameter at /hrm/state.php. | |||||
| CVE-2022-43262 | 1 Oretnom23 | 1 Human Resource Management System | 2023-12-26 | N/A | 9.8 CRITICAL |
| Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /hrm/controller/login.php. | |||||
| CVE-2023-29597 | 1 Bloofox | 1 Bloofoxcms | 2023-12-22 | N/A | 8.8 HIGH |
| bloofox v0.5.2 was discovered to contain a SQL injection vulnerability via the component /index.php?mode=content&page=pages&action=edit&eid=1. | |||||
| CVE-2023-48434 | 1 Projectworlds | 1 Online Voting System Project | 2023-12-22 | N/A | 9.8 CRITICAL |
| Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the reg_action.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-48433 | 1 Projectworlds | 1 Online Voting System Project | 2023-12-22 | N/A | 9.8 CRITICAL |
| Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the login_action.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2022-43457 | 1 Deltaww | 1 Diaenergie | 2023-12-22 | N/A | 8.8 HIGH |
| SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | |||||
| CVE-2023-48372 | 1 Itpison | 1 Omicard Edm | 2023-12-22 | N/A | 9.8 CRITICAL |
| ITPison OMICARD EDM 's SMS-related function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database. | |||||
| CVE-2023-48395 | 1 Kaifa | 1 Webitr Attendance System | 2023-12-22 | N/A | 6.5 MEDIUM |
| Kaifa Technology WebITR is an online attendance system, it has insufficient validation for user input within a special function. A remote attacker with regular user privilege can exploit this vulnerability to inject arbitrary SQL commands to read database. | |||||
| CVE-2023-48384 | 1 Armorxgt | 1 Spamtrap | 2023-12-22 | N/A | 9.8 CRITICAL |
| ArmorX Global Technology Corporation ArmorX Spam has insufficient validation for user input within a special function. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database. | |||||
| CVE-2023-49750 | 1 Spoonthemes | 1 Couponis | 2023-12-22 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spoonthemes Couponis - Affiliate & Submitting Coupons WordPress Theme.This issue affects Couponis - Affiliate & Submitting Coupons WordPress Theme: from n/a before 2.2. | |||||
| CVE-2023-49764 | 1 Sigmaplugin | 1 Advanced Database Cleaner | 2023-12-22 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Younes JFR. Advanced Database Cleaner.This issue affects Advanced Database Cleaner: from n/a through 3.1.2. | |||||
| CVE-2023-40010 | 1 Pluginus | 1 Husky - Products Filter Professional For Woocommerce | 2023-12-22 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in realmag777 HUSKY – Products Filter for WooCommerce Professional.This issue affects HUSKY – Products Filter for WooCommerce Professional: from n/a through 1.3.4.2. | |||||
| CVE-2023-47852 | 1 Linkwhisper | 1 Link Whisper Free | 2023-12-22 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Link Whisper Link Whisper Free.This issue affects Link Whisper Free: from n/a through 0.6.5. | |||||
| CVE-2023-31092 | 1 Foxskav | 1 Easy Bet | 2023-12-22 | N/A | 8.1 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Foxskav Easy Bet.This issue affects Easy Bet: from n/a through 1.0.2. | |||||