Vulnerabilities protected by our SQL Injection firewall rule

Title	CVE ID	CVSS	Vector	Date
Track The Click <= 0.3.11 - Authenticated (Author+) SQL Injection via 'stats' REST Endpoint	CVE-2023-5041	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	September 26, 2023
iPanorama 360 – WordPress Virtual Tour Builder <= 1.7.3 - Authenticated (Admin+) SQL injection		7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	September 22, 2023
wpDiscuz <= 7.6.5 - Unauthenticated SQL Injection		8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	September 18, 2023
Horizontal scrolling announcement <= 9.2 - Authenticated (Subscriber+) SQL Injection via Shortcode	CVE-2023-4999	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	September 15, 2023
Welcart e-Commerce <= 2.8.21 - Authenticated(level_5+) SQL Injection via get_logs		8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	September 14, 2023
WooCommerce Beta Tester < 2.2.4 - Authenticated (Administrator+) SQL Injection		7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	September 12, 2023
Booking calendar, Appointment Booking System <= 3.2.8 - Multiple Authenticated(Editor+) SQL Injection		7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	September 12, 2023
Slimstat Analytics <= 5.0.9 - Authenticated (Contributor+) Blind SQL Injection via Shortcode	CVE-2023-4598	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	September 11, 2023
WP Project Manager <= 2.6.0 - Authenticated (Subscriber+) SQL Injection	CVE-2023-34383	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	September 4, 2023
Woocommerce Support System <= 1.2.1 - Authenticated (Administrator+) SQL Injection via 'orderby'	CVE-2023-41685	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	September 4, 2023
RSVPMarker <= 10.6.6 - Unauthenticated SQL Injection	CVE-2023-41652	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	September 1, 2023
Contact form 7 Custom validation <= 1.1.3 - Unauthenticated SQL Injection via 'post'	CVE-2023-40609	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	August 17, 2023
Donations Made Easy – Smart Donations <= 4.0.12 - Authenticated (Administrator+) SQL Injection	CVE-2023-40207	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	August 11, 2023
WooCommerce PDF Invoice Builder <= 1.2.89 - Authenticated (Subscriber+) SQL Injection via Export	CVE-2023-3677	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	August 11, 2023
Fusion Builder <= 3.11.1 - Authenticated (Subscriber+) SQL Injection	CVE-2023-39309	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	August 10, 2023
Demon image annotation <= 5.1 - Authenticated (Administrator+) SQL Injection	CVE-2023-40215	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	August 10, 2023
TI WooCommerce Wishlist <= 2.7.3 - Unauthenticated Blind SQL Injection via Rest API		9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	July 31, 2023
Quasar form <= 6.1 - Authenticated (Subscriber+) SQL Injection via 'id'	CVE-2023-35910	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	July 24, 2023
WPML String Translation <= 3.2.5 - Authenticated (Administrator+) SQL Injection via 'context'		7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	July 24, 2023
WordPress Database Administrator <= 1.0.3 - Authenticated (Administrator+) SQL Injection	CVE-2023-3211	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	July 24, 2023

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation