🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our SQL Injection firewall rule

1,247,585

Attacks Blocked in Past 24 Hours

Showing 81-100 of 1,290 Vulnerabilities

WP ERP <= 1.12.9 - Authenticated (AccountingManager+) SQL Injection

7.2

CVE-2024-0956

Mar 28, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WP ERP <= 1.12.9 - Authenticated (Accounting Manager+) SQL Injection

7.2

CVE-2024-0913

Mar 28, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WordPress Announcement & Notification Banner Plugin – Bulletin <= 3.8.5 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2024-30478

Mar 28, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Falang multilanguage <= 1.3.47 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2024-30495

Mar 28, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WP ERP <= 1.12.9 - Authenticated (Accounting Manager+) SQL Injection via id

7.2

CVE-2024-0952

Mar 28, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WordPress Action Network 1.4.3 -Authentcated (Admin+) SQL Injection

7.2

CVE-2024-2954

Mar 26, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Avada <= 7.11.6 - Authenticated (Editor+) SQL Injection via entry

7.2

CVE-2024-2344

Mar 20, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth By AWeber <= 7.3.14 - Authenticated (Admin+) SQL Injection

7.2

CVE-2024-1793

Feb 29, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Smart Manager - WooCommerce Advanced Bulk Edit, Inventory Management & more... <= 8.27.0 - Authenticated (Admin+) SQL Injection

7.2

CVE-2024-0566

Jan 18, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Burst Statistics Really Simple Plugins <= 1.5.3 - Authenticated (Editor+) SQL Injection

7.2

CVE-2024-0405

Jan 16, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

PDF Invoices & Packing Slips for WooCommerce <= 3.7.6 - Authenticated (Shop Manager+) SQL Injection

7.2

CVE-2024-22147

Jan 12, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Download Monitor <= 4.9.4 - Authenticated (Admin+) SQL Injection

7.2

CVE-2024-30501

Jan 8, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WP ERP <= 1.12.8 - Authenticated (Accounting manager+) SQL Injection

7.2

CVE-2024-21747

Jan 5, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

pTypeConverter <= 0.2.8.1 - Authenticated (Editor+) SQL Injection

7.2

CVE-2023-52201

Jan 3, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.6 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2023-6620

Dec 21, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Welcart e-Commerce <= 2.9.3 - Authenticated(Editor+) SQL Injection

7.2

CVE-2023-50847

Dec 21, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Advanced Database Cleaner <= 3.1.2 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2023-49764

Dec 4, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

MSync <= 1.0.0 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2023-49166

Nov 29, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

License Manager for WooCommerce <= 2.2.10 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2023-48742

Nov 23, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

ChatBot <= 4.7.8 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2023-48741

Nov 23, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
WP ERP <= 1.12.9 - Authenticated (AccountingManager+) SQL Injection	CVE-2024-0956	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	March 28, 2024
WP ERP <= 1.12.9 - Authenticated (Accounting Manager+) SQL Injection	CVE-2024-0913	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	March 28, 2024
WordPress Announcement & Notification Banner Plugin – Bulletin <= 3.8.5 - Authenticated (Administrator+) SQL Injection	CVE-2024-30478	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	March 28, 2024
Falang multilanguage <= 1.3.47 - Authenticated (Administrator+) SQL Injection	CVE-2024-30495	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	March 28, 2024
WP ERP <= 1.12.9 - Authenticated (Accounting Manager+) SQL Injection via id	CVE-2024-0952	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	March 28, 2024
WordPress Action Network 1.4.3 -Authentcated (Admin+) SQL Injection	CVE-2024-2954	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	March 26, 2024
Avada <= 7.11.6 - Authenticated (Editor+) SQL Injection via entry	CVE-2024-2344	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	March 20, 2024
AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth By AWeber <= 7.3.14 - Authenticated (Admin+) SQL Injection	CVE-2024-1793	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	February 29, 2024
Smart Manager - WooCommerce Advanced Bulk Edit, Inventory Management & more... <= 8.27.0 - Authenticated (Admin+) SQL Injection	CVE-2024-0566	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	January 18, 2024
Burst Statistics Really Simple Plugins <= 1.5.3 - Authenticated (Editor+) SQL Injection	CVE-2024-0405	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	January 16, 2024
PDF Invoices & Packing Slips for WooCommerce <= 3.7.6 - Authenticated (Shop Manager+) SQL Injection	CVE-2024-22147	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	January 12, 2024
Download Monitor <= 4.9.4 - Authenticated (Admin+) SQL Injection	CVE-2024-30501	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	January 8, 2024
WP ERP <= 1.12.8 - Authenticated (Accounting manager+) SQL Injection	CVE-2024-21747	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	January 5, 2024
pTypeConverter <= 0.2.8.1 - Authenticated (Editor+) SQL Injection	CVE-2023-52201	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	January 3, 2024
POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.6 - Authenticated (Administrator+) SQL Injection	CVE-2023-6620	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	December 21, 2023
Welcart e-Commerce <= 2.9.3 - Authenticated(Editor+) SQL Injection	CVE-2023-50847	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	December 21, 2023
Advanced Database Cleaner <= 3.1.2 - Authenticated (Administrator+) SQL Injection	CVE-2023-49764	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	December 4, 2023
MSync <= 1.0.0 - Authenticated (Administrator+) SQL Injection	CVE-2023-49166	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	November 29, 2023
License Manager for WooCommerce <= 2.2.10 - Authenticated (Administrator+) SQL Injection	CVE-2023-48742	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	November 23, 2023
ChatBot <= 4.7.8 - Authenticated (Administrator+) SQL Injection	CVE-2023-48741	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	November 23, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation