CVE-2024-9828

MEDIUM Year: 2024
CVSS v3 Score
4.1
Medium
Weakness Type
CWE-89
View all →

Vulnerability Description

The Taskbuilder WordPress plugin before 3.0.5 does not sanitize user input into the 'load_orders' parameter and uses it in a SQL statement, allowing high privilege users such as admin to perform SQL Injection attacks

Related Vulnerabilities

CVE-2024-10638

MEDIUM
CVSS:4.1(Medium)

The Product Labels For Woocommerce (Sale Badges) WordPress plugin before 1.5.11 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection at...

CWE-892024

CVE-2024-12109

MEDIUM
CVSS:4.1(Medium)

The Product Labels For Woocommerce (Sale Badges) WordPress plugin before 1.5.9 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection att...

CWE-892024

CVE-2025-1446

MEDIUM
CVSS:4.1(Medium)

The Pods WordPress plugin before 3.2.8.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks

CWE-892025

CVE-2025-1986

MEDIUM
CVSS:4.1(Medium)

The Gutentor WordPress plugin before 3.4.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks

CWE-892025

CVE-2022-22413

MEDIUM
CVSS:4.2(Medium)

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, mo...

CWE-892022

CVE-2024-33009

MEDIUM
CVSS:4.2(Medium)

SAP Global Label Management is vulnerable to SQL injection. On exploitation the attacker can use specially crafted inputs to modify database commands resulting in the retrieval of additional informati...

CWE-892024