CVE-2024-6847 – SmartSearch WP <= 2.4.4 - Unauthenticated SQLi
https://notcve.org/view.php?id=CVE-2024-6847
The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users when submitting messages to the chatbot. The Chatbot with ChatGPT WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. • https://wpscan.com/vulnerability/baa860bb-3b7d-438a-ad54-92bf8e21e851 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-39622 – WordPress ListingPro theme <= 2.9.4 - Unauthenticated SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-39622
The ListingPro theme for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.9.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. • https://patchstack.com/database/vulnerability/listingpro/wordpress-listingpro-theme-2-9-3-unauthenticated-sql-injection-vulnerability? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-38795 – WordPress ListingPro plugin <= 2.9.4 - Unauthenticated SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-38795
The ListingPro plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.9.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. • https://patchstack.com/database/vulnerability/listingpro-plugin/wordpress-listingpro-plugin-2-9-3-unauthenticated-sql-injection-vulnerability? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-38773 – WordPress formlift plugin <= 7.5.17 - Unauthenticated Blind SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-38773
The FormLift for Infusionsoft Web Forms plugin for WordPress is vulnerable to SQL Injection via the 'form_id' parameter in versions up to, and including, 7.5.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. • https://patchstack.com/database/vulnerability/formlift/wordpress-formlift-plugin-7-5-17-unauthenticated-blind-sql-injection-vulnerability? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-37933 – WordPress Woocommerce OpenPos plugin <= 6.4.4 - Unauthenticated SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-37933
The Woocommerce OpenPos plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 6.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. • https://patchstack.com/database/vulnerability/woocommerce-openpos/wordpress-woocommerce-openpos-plugin-6-4-4-unauthenticated-sql-injection-vulnerability? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •