🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our SQL Injection firewall rule

2,188,651

Attacks Blocked in Past 24 Hours

Showing 41-60 of 1,271 Vulnerabilities

Cryptocurrency Widgets – Price Ticker & Coins List 2.0 - 2.6.5 - Unauthenticated SQL Injection

9.8

CVE-2024-0709

Jan 19, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Stripe Payment Plugin for WooCommerce <= 3.7.9 - Unauthenticated SQL Injection

9.8

CVE-2024-0705

Jan 18, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Barcode Scanner with Inventory & Order Manager <= 1.5.1 - Unauthenticated SQL Injection via userToken

9.8

CVE-2023-52215

Jan 8, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

LearnPress <= 4.2.5.7 - Unauthenticated SQL Injection via order_by

9.8

CVE-2023-6567

Jan 2, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WebinarIgnition <= 3.05.0 - Unauthenticated SQL Injection

9.8

CVE-2023-51423

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

JS Help Desk <= 2.8.1 - Unauthenticated SQL Injection via email and trackingid

9.8

CVE-2023-50839

Dec 21, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Burst Statistics – Privacy-Friendly Analytics for WordPress 1.4.0 to 1.4.6.1 - Unauthenticated SQL Injection

9.8

CVE-2023-5761

Dec 6, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Sayfa Sayaç <= 2.6 - Unauthenticated SQL Injection

9.8

CVE-2023-49776

Dec 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Adifier System < 3.1.4 - Unauthenticated SQL Injection

9.8

CVE-2023-49752

Dec 4, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Couponis Demo < 2.2 - Unauthenticated SQL Injection

9.8

CVE-2023-49750

Dec 4, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

HUSKY – Products Filter for WooCommerce (formerly WOOF) <= 1.3.4.2 - Unauthenticated SQL Injection via search terms

9.8

CVE-2023-40010

Nov 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

My Calendar <= 3.4.21 - Unauthenticated SQL Injection

9.8

CVE-2023-6360

Nov 26, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Porto Theme - Functionality <= 2.11.1 - Unauthenticated SQL Injection

9.8

CVE-2023-48738

Nov 23, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Article Analytics <= 1.0 - Unauthenticated SQL Injection

9.8

CVE-2023-5640

Oct 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

LogDash Activity Log <= 1.1.3 - Unauthenticated SQL Injection

9.8

CVE-2023-6030

Oct 26, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WP Hotel Booking <= 2.0.7 - Unauthenticated SQL Injection

9.8

CVE-2023-5652

Oct 26, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Accessibility Suite by Online ADA <= 4.11 - Authenticated (Subscriber+) SQL Injection

9.8

CVE-2023-45830

Oct 13, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI ChatBot <= 4.8.9 - Unauthenticated SQL Injection via qc_wpbo_search_response

9.8

CVE-2023-5204

Oct 11, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WP Sessions Time Monitoring Full Automatic <= 1.0.8 - Unauthenticated SQL injection

9.8

CVE-2023-5203

Sep 11, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

RSVPMarker <= 10.6.6 - Unauthenticated SQL Injection

9.8

CVE-2023-41652

Sep 1, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Cryptocurrency Widgets – Price Ticker & Coins List 2.0 - 2.6.5 - Unauthenticated SQL Injection	CVE-2024-0709	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	January 19, 2024
Stripe Payment Plugin for WooCommerce <= 3.7.9 - Unauthenticated SQL Injection	CVE-2024-0705	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	January 18, 2024
Barcode Scanner with Inventory & Order Manager <= 1.5.1 - Unauthenticated SQL Injection via userToken	CVE-2023-52215	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	January 8, 2024
LearnPress <= 4.2.5.7 - Unauthenticated SQL Injection via order_by	CVE-2023-6567	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	January 2, 2024
WebinarIgnition <= 3.05.0 - Unauthenticated SQL Injection	CVE-2023-51423	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
JS Help Desk <= 2.8.1 - Unauthenticated SQL Injection via email and trackingid	CVE-2023-50839	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 21, 2023
Burst Statistics – Privacy-Friendly Analytics for WordPress 1.4.0 to 1.4.6.1 - Unauthenticated SQL Injection	CVE-2023-5761	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 6, 2023
Sayfa Sayaç <= 2.6 - Unauthenticated SQL Injection	CVE-2023-49776	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 5, 2023
Adifier System < 3.1.4 - Unauthenticated SQL Injection	CVE-2023-49752	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 4, 2023
Couponis Demo < 2.2 - Unauthenticated SQL Injection	CVE-2023-49750	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 4, 2023
HUSKY – Products Filter for WooCommerce (formerly WOOF) <= 1.3.4.2 - Unauthenticated SQL Injection via search terms	CVE-2023-40010	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	November 27, 2023
My Calendar <= 3.4.21 - Unauthenticated SQL Injection	CVE-2023-6360	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	November 26, 2023
Porto Theme - Functionality <= 2.11.1 - Unauthenticated SQL Injection	CVE-2023-48738	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	November 23, 2023
Article Analytics <= 1.0 - Unauthenticated SQL Injection	CVE-2023-5640	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 27, 2023
LogDash Activity Log <= 1.1.3 - Unauthenticated SQL Injection	CVE-2023-6030	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 26, 2023
WP Hotel Booking <= 2.0.7 - Unauthenticated SQL Injection	CVE-2023-5652	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 26, 2023
Accessibility Suite by Online ADA <= 4.11 - Authenticated (Subscriber+) SQL Injection	CVE-2023-45830	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 13, 2023
AI ChatBot <= 4.8.9 - Unauthenticated SQL Injection via qc_wpbo_search_response	CVE-2023-5204	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 11, 2023
WP Sessions Time Monitoring Full Automatic <= 1.0.8 - Unauthenticated SQL injection	CVE-2023-5203	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	September 11, 2023
RSVPMarker <= 10.6.6 - Unauthenticated SQL Injection	CVE-2023-41652	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	September 1, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation