🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our SQL Injection firewall rule

1,257,690

Attacks Blocked in Past 24 Hours

Showing 61-80 of 1,290 Vulnerabilities

History Log by click5 <= 1.0.12 - Authenticated(Administrator+) Time-Based Blind SQL Injection

6.6

CVE-2023-5082

Oct 15, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Bookly <= 22.3.1 - Authenticated(Administrator+) SQL Injection

6.6

CVE-2023-4691

Sep 25, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

WooCommerce Payments <= 5.9.0 - Authenticated (Shop manager+) SQL Injection via currency parameters

6.6

CVE-2023-35915

Jun 20, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

WooCommerce Product Vendors <= 2.1.78 - Authenticated (Shop manager+) SQL Injection

6.6

CVE-2023-35879

Jun 19, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Contact Form Maker <= 1.13.23 - Authenticated (Administrator+) SQL Injection

6.6

CVE-2023-2655

Jun 15, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

FormCraft Premium <= 3.9.6 - Authenticated(Administrator+) SQL Injection

6.6

CVE-2023-2592

Jun 5, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Responsive CSS EDITOR <= 1.0 - Authenticated(Administrator+) SQL Injection

6.6

CVE-2023-2482

Jun 5, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

User Activity Log <= 1.6.2 - Authenticated(Administrator+) SQL Injection via txtsearch

6.6

CVE-2023-2761

May 25, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

HollerBox <= 2.1.3 - Authenticated (edit_popups+) SQL Injection

6.6

CVE-2023-2111

May 2, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

HTTP Headers <= 1.18.8 - Authenticated(Administrator+) SQL Injection

6.6

CVE-2023-1207

Apr 24, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Elementor <= 3.12.1 - Authenticated(Administrator+) SQL Injection via 'replace_urls'

6.6

CVE-2023-0329

Apr 24, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Intuitive Custom Post Order <= 3.1.4.1 - Authenticated (Admin+) SQL Injection

6.6

CVE-2023-1016

Jan 25, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Booking Calendar <= 9.4.2 - Authenticated (Admin+) SQL Injection

6.6

CVE-2023-23991

Jan 20, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Contest Gallery Pro <= 19.1.4.1 - Authenticated (Administrator+) SQL Injection via wp_user_id

6.6

CVE-2022-4154

Dec 5, 2022

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Sendit WP Newsletter <= 2.5.1 - Authenticated (Admin+) SQL Injection

6.6

CVE-2021-24345

May 27, 2021

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

10WebSocial <= 1.1.26 - Authenticated (Admin+) SQL Injection

6.8

CVE ID Unknown

Sep 11, 2020

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting <= 1.13.1 - Authenticated (AccountingManager+) SQL Injection

7.2

CVE-2024-1173

May 1, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WP SMTP 1.2 - 1.2.6 - Authenticated (Admin+) SQL Injection

7.2

CVE-2024-1789

Apr 25, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WooCommerce Google Feed Manager <= 2.4.2 - Authenticated (Admin+) SQL Injection to Reflected Cross-Site Scripting

7.2

CVE-2024-3067

Apr 15, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WP Advanced Search <= 1.1.6 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2024-3265

Apr 4, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
History Log by click5 <= 1.0.12 - Authenticated(Administrator+) Time-Based Blind SQL Injection	CVE-2023-5082	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	October 15, 2023
Bookly <= 22.3.1 - Authenticated(Administrator+) SQL Injection	CVE-2023-4691	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	September 25, 2023
WooCommerce Payments <= 5.9.0 - Authenticated (Shop manager+) SQL Injection via currency parameters	CVE-2023-35915	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	June 20, 2023
WooCommerce Product Vendors <= 2.1.78 - Authenticated (Shop manager+) SQL Injection	CVE-2023-35879	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	June 19, 2023
Contact Form Maker <= 1.13.23 - Authenticated (Administrator+) SQL Injection	CVE-2023-2655	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	June 15, 2023
FormCraft Premium <= 3.9.6 - Authenticated(Administrator+) SQL Injection	CVE-2023-2592	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	June 5, 2023
Responsive CSS EDITOR <= 1.0 - Authenticated(Administrator+) SQL Injection	CVE-2023-2482	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	June 5, 2023
User Activity Log <= 1.6.2 - Authenticated(Administrator+) SQL Injection via txtsearch	CVE-2023-2761	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	May 25, 2023
HollerBox <= 2.1.3 - Authenticated (edit_popups+) SQL Injection	CVE-2023-2111	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	May 2, 2023
HTTP Headers <= 1.18.8 - Authenticated(Administrator+) SQL Injection	CVE-2023-1207	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	April 24, 2023
Elementor <= 3.12.1 - Authenticated(Administrator+) SQL Injection via 'replace_urls'	CVE-2023-0329	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	April 24, 2023
Intuitive Custom Post Order <= 3.1.4.1 - Authenticated (Admin+) SQL Injection	CVE-2023-1016	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	January 25, 2023
Booking Calendar <= 9.4.2 - Authenticated (Admin+) SQL Injection	CVE-2023-23991	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	January 20, 2023
Contest Gallery Pro <= 19.1.4.1 - Authenticated (Administrator+) SQL Injection via wp_user_id	CVE-2022-4154	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	December 5, 2022
Sendit WP Newsletter <= 2.5.1 - Authenticated (Admin+) SQL Injection	CVE-2021-24345	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	May 27, 2021
10WebSocial <= 1.1.26 - Authenticated (Admin+) SQL Injection		6.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N	September 11, 2020
WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting <= 1.13.1 - Authenticated (AccountingManager+) SQL Injection	CVE-2024-1173	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	May 1, 2024
WP SMTP 1.2 - 1.2.6 - Authenticated (Admin+) SQL Injection	CVE-2024-1789	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	April 25, 2024
WooCommerce Google Feed Manager <= 2.4.2 - Authenticated (Admin+) SQL Injection to Reflected Cross-Site Scripting	CVE-2024-3067	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	April 15, 2024
WP Advanced Search <= 1.1.6 - Authenticated (Administrator+) SQL Injection	CVE-2024-3265	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	April 4, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation