🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our SQL Injection firewall rule

2,789,668

Attacks Blocked in Past 24 Hours

Showing 81-100 of 1,281 Vulnerabilities

404 Solution <= 2.35.7 - Authenticated (Admin+) SQL Injection

9.1

CVE-2024-1068

Feb 17, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Piraeus Bank WooCommerce Payment Gateway <= 1.6.5.1 - Unauthenticated SQL Injection

9.8

CVE-2024-0610

Feb 16, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.2.5 - Unauthenticated SQL Injection

9.8

CVE-2024-1512

Feb 16, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Sitepact's Contact Form 7 Extension For Klaviyo <= 1.0.5 - Unauthenticated SQL Injection

9.8

CVE-2024-25928

Feb 15, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

MoveTo <= 6.2 - Unauthenticated SQL Injection

9.8

CVE-2024-25910

Feb 12, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Malware Scanner <= 4.7.2 - Authenticated (Administrator+) SQL Injection

6.6

CVE-2024-25902

Feb 12, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

RSS Aggregator by Feedzy <= 4.4.2 - Authenticated(Contributor+) SQL Injection

8.8

CVE-2024-1317

Feb 9, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Awesome Support – WordPress HelpDesk & Support Plugin <= 6.1.7 - Authenticated (Subscriber+) SQL Injection

8.8

CVE-2024-0594

Feb 9, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Booking Calendar <= 9.9 - Unauthenticated SQL Injection

9.8

CVE-2024-1207

Feb 7, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WP Recipe Maker <= 9.1.2 - Missing Authorization to Authenticated (Subscriber+) SQL Injecton

8.8

CVE-2024-1206

Feb 7, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Podlove Subscribe button <= 1.3.10 - Authenticated (Contributor+) SQL Injection

8.8

CVE-2024-1118

Feb 6, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SP Project & Document Manager <= 4.69 - Authenticated (Contributor+) SQL Injection via Shortcode

8.8

CVE-2024-24868

Feb 2, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Ninja Forms Contact Form <= 3.7.1 - Unauthenticated Second Order SQL Injection

5.9

CVE-2024-0685

Feb 1, 2024

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

HTML5 Video Player <= 2.5.24 - Unauthenticated SQL Injection via id

6.5

CVE-2024-1061

Jan 31, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

InstaWP Connect <= 0.1.0.9 - Authenticated (Subscriber+) SQL Injection

8.8

CVE-2024-23507

Jan 24, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Cryptocurrency Widgets – Price Ticker & Coins List 2.0 - 2.6.5 - Unauthenticated SQL Injection

9.8

CVE-2024-0709

Jan 19, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Smart Manager - WooCommerce Advanced Bulk Edit, Inventory Management & more... <= 8.27.0 - Authenticated (Admin+) SQL Injection

7.2

CVE-2024-0566

Jan 18, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Stripe Payment Plugin for WooCommerce <= 3.7.9 - Unauthenticated SQL Injection

9.8

CVE-2024-0705

Jan 18, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Burst Statistics Really Simple Plugins <= 1.5.3 - Authenticated (Editor+) SQL Injection

7.2

CVE-2024-0405

Jan 16, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Delhivery Logistics Courier <= 1.0.107 - Authenticated (Subscriber+) SQL Injection

8.8

CVE-2024-22283

Jan 16, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
404 Solution <= 2.35.7 - Authenticated (Admin+) SQL Injection	CVE-2024-1068	9.1	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H	February 17, 2024
Piraeus Bank WooCommerce Payment Gateway <= 1.6.5.1 - Unauthenticated SQL Injection	CVE-2024-0610	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 16, 2024
MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.2.5 - Unauthenticated SQL Injection	CVE-2024-1512	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 16, 2024
Sitepact's Contact Form 7 Extension For Klaviyo <= 1.0.5 - Unauthenticated SQL Injection	CVE-2024-25928	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 15, 2024
MoveTo <= 6.2 - Unauthenticated SQL Injection	CVE-2024-25910	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 12, 2024
Malware Scanner <= 4.7.2 - Authenticated (Administrator+) SQL Injection	CVE-2024-25902	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	February 12, 2024
RSS Aggregator by Feedzy <= 4.4.2 - Authenticated(Contributor+) SQL Injection	CVE-2024-1317	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	February 9, 2024
Awesome Support – WordPress HelpDesk & Support Plugin <= 6.1.7 - Authenticated (Subscriber+) SQL Injection	CVE-2024-0594	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	February 9, 2024
Booking Calendar <= 9.9 - Unauthenticated SQL Injection	CVE-2024-1207	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 7, 2024
WP Recipe Maker <= 9.1.2 - Missing Authorization to Authenticated (Subscriber+) SQL Injecton	CVE-2024-1206	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	February 7, 2024
Podlove Subscribe button <= 1.3.10 - Authenticated (Contributor+) SQL Injection	CVE-2024-1118	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	February 6, 2024
SP Project & Document Manager <= 4.69 - Authenticated (Contributor+) SQL Injection via Shortcode	CVE-2024-24868	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	February 2, 2024
Ninja Forms Contact Form <= 3.7.1 - Unauthenticated Second Order SQL Injection	CVE-2024-0685	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N	February 1, 2024
HTML5 Video Player <= 2.5.24 - Unauthenticated SQL Injection via id	CVE-2024-1061	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	January 31, 2024
InstaWP Connect <= 0.1.0.9 - Authenticated (Subscriber+) SQL Injection	CVE-2024-23507	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	January 24, 2024
Cryptocurrency Widgets – Price Ticker & Coins List 2.0 - 2.6.5 - Unauthenticated SQL Injection	CVE-2024-0709	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	January 19, 2024
Smart Manager - WooCommerce Advanced Bulk Edit, Inventory Management & more... <= 8.27.0 - Authenticated (Admin+) SQL Injection	CVE-2024-0566	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	January 18, 2024
Stripe Payment Plugin for WooCommerce <= 3.7.9 - Unauthenticated SQL Injection	CVE-2024-0705	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	January 18, 2024
Burst Statistics Really Simple Plugins <= 1.5.3 - Authenticated (Editor+) SQL Injection	CVE-2024-0405	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	January 16, 2024
Delhivery Logistics Courier <= 1.0.107 - Authenticated (Subscriber+) SQL Injection	CVE-2024-22283	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	January 16, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation