Vulnerabilities protected by our SQL Injection firewall rule

1,120,991
Attacks Blocked in Past 24 Hours

Showing 1-20 of 1,200 Vulnerabilities

Title CVE ID CVSS Vector Date
Conversios <= 6.9.1 - Authenticated (Subscriber+) SQL Injection via ee_syncProductCategory CVE-2024-0786 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H February 27, 2024
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor <= 2.8.2 - Unauthenticated SQL Injection CVE-2024-1698 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H February 26, 2024
MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.2.5 - Unauthenticated SQL Injection CVE-2024-1512 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H February 16, 2024
Piraeus Bank WooCommerce Payment Gateway <= 1.6.5.1 - Unauthenticated SQL Injection CVE-2024-0610 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H February 16, 2024
Sitepact's Contact Form 7 Extension For Klaviyo <= 1.0.5 - Unauthenticated SQL Injection CVE-2024-25928 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H February 15, 2024
Malware Scanner <= 4.7.2 - Authenticated (Administrator+) SQL Injection CVE-2024-25902 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H February 12, 2024
MoveTo <= 6.2 - Unauthenticated SQL Injection CVE-2024-25910 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H February 12, 2024
RSS Aggregator by Feedzy <= 4.4.2 - Authenticated(Contributor+) SQL Injection CVE-2024-1317 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H February 9, 2024
Awesome Support – WordPress HelpDesk & Support Plugin <= 6.1.7 - Authenticated (Subscriber+) SQL Injection CVE-2024-0594 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H February 9, 2024
Booking Calendar <= 9.9 - Unauthenticated SQL Injection CVE-2024-1207 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H February 7, 2024
WP Recipe Maker <= 9.1.2 - Missing Authorization to Authenticated (Subscriber+) SQL Injecton CVE-2024-1206 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H February 7, 2024
Podlove Subscribe button <= 1.3.10 - Authenticated (Contributor+) SQL Injection CVE-2024-1118 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H February 6, 2024
SP Project & Document Manager <= 4.69 - Authenticated (Contributor+) SQL Injection via Shortcode CVE-2024-24868 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H February 2, 2024
Ninja Forms Contact Form <= 3.7.1 - Unauthenticated Second Order SQL Injection CVE-2024-0685 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N February 1, 2024
HTML5 Video Player <= 2.5.24 - Unauthenticated SQL Injection via id CVE-2024-1061 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N January 31, 2024
InstaWP Connect <= 0.1.0.9 - Authenticated (Subscriber+) SQL Injection CVE-2024-23507 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H January 24, 2024
Cryptocurrency Widgets – Price Ticker & Coins List 2.0 - 2.6.5 - Unauthenticated SQL Injection CVE-2024-0709 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H January 19, 2024
Stripe Payment Plugin for WooCommerce <= 3.7.9 - Unauthenticated SQL Injection CVE-2024-0705 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H January 18, 2024
Delhivery Logistics Courier <= 1.0.107 - Authenticated (Subscriber+) SQL Injection CVE-2024-22283 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H January 16, 2024
Burst Statistics Really Simple Plugins <= 1.5.3 - Authenticated (Editor+) SQL Injection CVE-2024-0405 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H January 16, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation