Tag: sql injection
All the articles with the tag "sql injection".
- [CVE-2025-12197] The Events Calendar WordPress Plugin Blind SQL Injection Exposes Site Databases
  Unauthenticated SQL injection in a widely installed WordPress events plugin lets attackers exfiltrate data through crafted search requests. Updating to version 6.15.10 closes the hole.
- [CVE-2024-43018] SQL Injection in Piwigo’s User Management Lets Attackers Read or Tamper with Gallery Data
  The admin-side user list in Piwigo up to 13.8.0 passes two search parameters directly to MySQL. A single quote is enough to dump the photo gallery’s user table or modify it, and a public proof of concept is already on GitHub.
- [CVE-2025-4396] Unauthenticated SQL Injection in Relevanssi Gives Attackers a Direct Line to Your WordPress Database
  A logic flaw in the popular Relevanssi search plugin lets anyone craft time-based SQL queries through public search parameters. The bug leaks or modifies WordPress data without needing an account.