🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our SQL Injection firewall rule

1,265,650

Attacks Blocked in Past 24 Hours

Showing 1221-1240 of 1,271 Vulnerabilities

WooCommerce Payments <= 5.9.0 - Authenticated (Shop manager+) SQL Injection via currency parameters

6.6

CVE-2023-35915

Jun 20, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

WooCommerce Product Vendors <= 2.1.78 - Authenticated (Shop manager+) SQL Injection

6.6

CVE-2023-35879

Jun 19, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Contact Form Maker <= 1.13.23 - Authenticated (Administrator+) SQL Injection

6.6

CVE-2023-2655

Jun 15, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

FormCraft Premium <= 3.9.6 - Authenticated(Administrator+) SQL Injection

6.6

CVE-2023-2592

Jun 5, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Responsive CSS EDITOR <= 1.0 - Authenticated(Administrator+) SQL Injection

6.6

CVE-2023-2482

Jun 5, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

User Activity Log <= 1.6.2 - Authenticated(Administrator+) SQL Injection via txtsearch

6.6

CVE-2023-2761

May 25, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

HollerBox <= 2.1.3 - Authenticated (edit_popups+) SQL Injection

6.6

CVE-2023-2111

May 2, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

HTTP Headers <= 1.18.8 - Authenticated(Administrator+) SQL Injection

6.6

CVE-2023-1207

Apr 24, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Elementor <= 3.12.1 - Authenticated(Administrator+) SQL Injection via 'replace_urls'

6.6

CVE-2023-0329

Apr 24, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Intuitive Custom Post Order <= 3.1.4.1 - Authenticated (Admin+) SQL Injection

6.6

CVE-2023-1016

Jan 25, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Booking Calendar <= 9.4.2 - Authenticated (Admin+) SQL Injection

6.6

CVE-2023-23991

Jan 20, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Contest Gallery Pro <= 19.1.4.1 - Authenticated (Administrator+) SQL Injection via wp_user_id

6.6

CVE-2022-4154

Dec 5, 2022

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Sendit WP Newsletter <= 2.5.1 - Authenticated (Admin+) SQL Injection

6.6

CVE-2021-24345

May 27, 2021

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

HTML5 Video Player <= 2.5.24 - Unauthenticated SQL Injection via id

6.5

CVE-2024-1061

Jan 31, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Slideshow Gallery LITE <= 1.7.6 - Authenticated(Admin+) SQL Injection

6.5

CVE-2023-28491

Mar 15, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Envato Sales By Item <= 1.1 - Unauthenticated SQL Injection via AJAX call

6.5

CVE ID Unknown

May 26, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Ubigeo de Perú para Woocommerce y WordPress <= 3.6.3 - Unauthenticated SQL Injection

6.5

CVE-2022-0814

Apr 18, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Multiple Shipping Address Woocommerce < 2.0 - Unauthenticated SQL Injection

6.5

CVE-2022-0783

Apr 13, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

WP Video Gallery <= 1.7.1 - SQL Injection

6.5

CVE-2022-0826

Apr 13, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Order Listener for WooCommerce – Play Sounds Instantly on New Orders <= 3.2.1 - Unauthenticated SQL Injection

6.5

CVE-2022-0948

Apr 12, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
WooCommerce Payments <= 5.9.0 - Authenticated (Shop manager+) SQL Injection via currency parameters	CVE-2023-35915	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	June 20, 2023
WooCommerce Product Vendors <= 2.1.78 - Authenticated (Shop manager+) SQL Injection	CVE-2023-35879	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	June 19, 2023
Contact Form Maker <= 1.13.23 - Authenticated (Administrator+) SQL Injection	CVE-2023-2655	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	June 15, 2023
FormCraft Premium <= 3.9.6 - Authenticated(Administrator+) SQL Injection	CVE-2023-2592	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	June 5, 2023
Responsive CSS EDITOR <= 1.0 - Authenticated(Administrator+) SQL Injection	CVE-2023-2482	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	June 5, 2023
User Activity Log <= 1.6.2 - Authenticated(Administrator+) SQL Injection via txtsearch	CVE-2023-2761	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	May 25, 2023
HollerBox <= 2.1.3 - Authenticated (edit_popups+) SQL Injection	CVE-2023-2111	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	May 2, 2023
HTTP Headers <= 1.18.8 - Authenticated(Administrator+) SQL Injection	CVE-2023-1207	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	April 24, 2023
Elementor <= 3.12.1 - Authenticated(Administrator+) SQL Injection via 'replace_urls'	CVE-2023-0329	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	April 24, 2023
Intuitive Custom Post Order <= 3.1.4.1 - Authenticated (Admin+) SQL Injection	CVE-2023-1016	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	January 25, 2023
Booking Calendar <= 9.4.2 - Authenticated (Admin+) SQL Injection	CVE-2023-23991	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	January 20, 2023
Contest Gallery Pro <= 19.1.4.1 - Authenticated (Administrator+) SQL Injection via wp_user_id	CVE-2022-4154	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	December 5, 2022
Sendit WP Newsletter <= 2.5.1 - Authenticated (Admin+) SQL Injection	CVE-2021-24345	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	May 27, 2021
HTML5 Video Player <= 2.5.24 - Unauthenticated SQL Injection via id	CVE-2024-1061	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	January 31, 2024
Slideshow Gallery LITE <= 1.7.6 - Authenticated(Admin+) SQL Injection	CVE-2023-28491	6.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N	March 15, 2023
Envato Sales By Item <= 1.1 - Unauthenticated SQL Injection via AJAX call		6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	May 26, 2022
Ubigeo de Perú para Woocommerce y WordPress <= 3.6.3 - Unauthenticated SQL Injection	CVE-2022-0814	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	April 18, 2022
Multiple Shipping Address Woocommerce < 2.0 - Unauthenticated SQL Injection	CVE-2022-0783	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	April 13, 2022
WP Video Gallery <= 1.7.1 - SQL Injection	CVE-2022-0826	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	April 13, 2022
Order Listener for WooCommerce – Play Sounds Instantly on New Orders <= 3.2.1 - Unauthenticated SQL Injection	CVE-2022-0948	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	April 12, 2022

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation