CWE-89 (SQL命令中使用的特殊元素转义处理不恰当(SQL注入)) — Vulnerability Class 8840

8840 vulnerabilities classified as CWE-89 (SQL命令中使用的特殊元素转义处理不恰当(SQL注入)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-69308	WordPress Nestbyte Core plugin <= 1.2 - SQL Injection vulnerability — Nestbyte Core	9.8^AI	Critical^AI	2026-02-20
CVE-2025-69306	WordPress Electio Core plugin <= 1.4 - SQL Injection vulnerability — Electio Core	9.8^AI	Critical^AI	2026-02-20
CVE-2025-69307	WordPress Medinik Core plugin <= 1.3.6 - SQL Injection vulnerability — Medinik Core	9.8^AI	Critical^AI	2026-02-20
CVE-2025-69305	WordPress Crete Core plugin <= 1.4.3 - SQL Injection vulnerability — Crete Core	9.8^AI	Critical^AI	2026-02-20
CVE-2025-69304	WordPress Allmart plugin <= 1.1 - SQL Injection vulnerability — Allmart	9.8^AI	Critical^AI	2026-02-20
CVE-2025-69295	WordPress Coven Core plugin <= 1.3 - SQL Injection vulnerability — Coven Core	9.8^AI	Critical^AI	2026-02-20
CVE-2025-67987	WordPress Quiz And Survey Master plugin <= 10.3.1 - SQL Injection vulnerability — Quiz And Survey Master	9.8^AI	Critical^AI	2026-02-20
CVE-2025-10970	SQLi in Kolay Software's Talentics — Talentics	9.8	Critical	2026-02-20
CVE-2026-2822	JeecgBoot Backend airag_app,1,create_by sql injection — JeecgBoot	6.3	Medium	2026-02-20
CVE-2026-2821	Fujian Smart Integrated Management Platform System XCamera.ashx sql injection — Smart Integrated Management Platform System	7.3	High	2026-02-20
CVE-2026-2820	Fujian Smart Integrated Management Platform System XAccessPermissionPlus.ashx sql injection — Smart Integrated Management Platform System	7.3	High	2026-02-20
CVE-2026-26990	LibreNMS has Time-Based Blind SQL Injection in address-search.inc.php — librenms	8.8	High	2026-02-20
CVE-2026-26988	LibreNMS: SQL Injection in ajax_table.php spreads through a covert data stream — librenms	9.8	-	2026-02-20
CVE-2026-26980	Ghost has a SQL Injection in its Content API — Ghost	9.4	Critical	2026-02-20
CVE-2026-2435	ASSET-7706 — Asset	6.3	Medium	2026-02-19
CVE-2026-2409	Delinea Cloud Suite 安全漏洞 — Cloud Suite	9.8^AI	Critical^AI	2026-02-19
CVE-2026-1581	wpForo Forum <= 2.4.14 - Unauthenticated Time-Based SQL Injection — wpForo Forum	7.5	High	2026-02-19
CVE-2026-2232	Product Table and List Builder for WooCommerce Lite <= 4.6.2 - Unauthenticated Time-Based SQL Injection via 'search' Parameter — Product Table and List Builder for WooCommerce Lite	7.5	High	2026-02-19
CVE-2025-15560	SQL Injection in NesterSoft WorkTime — WorkTime (on-prem/cloud)	6.5^AI	Medium^AI	2026-02-19
CVE-2026-25418	WordPress Bit Form plugin <= 2.21.10 - SQL Injection vulnerability — Bit Form	9.8^AI	Critical^AI	2026-02-19
CVE-2026-25378	WordPress Nelio AB Testing plugin <= 8.2.4 - SQL Injection vulnerability — Nelio AB Testing	9.8^AI	Critical^AI	2026-02-19
CVE-2026-23805	WordPress Media Search Enhanced plugin <= 0.9.1 - SQL Injection vulnerability — Media Search Enhanced	9.8^AI	Critical^AI	2026-02-19
CVE-2026-2706	code-projects Patient Record Management System fecalysis_not.php sql injection — Patient Record Management System	6.3	Medium	2026-02-19
CVE-2026-0722	Shield Security <= 21.0.8 - Cross-Site Request Forgery to SQL Injection — Shield: Blocks Bots, Protects Users, and Prevents Security Breaches	6.5	Medium	2026-02-19
CVE-2025-12707	Library Management System <= 3.2.1 - Unauthenticated SQL Injection — Library Management System	7.5	High	2026-02-19
CVE-2026-2691	itsourcecode Event Management System manage_register.php sql injection — Event Management System	7.3	High	2026-02-19
CVE-2026-2690	itsourcecode Event Management System Admin Login ajax.php sql injection — Event Management System	7.3	High	2026-02-19
CVE-2026-2689	itsourcecode Event Management System manage_booking.php sql injection — Event Management System	7.3	High	2026-02-19
CVE-2025-15585	FileFlows 安全漏洞 — fileflows	8.8^AI	High^AI	2026-02-18
CVE-2026-2682	Tsinghua Unigroup Electronic Archives System prinReport.html sql injection — Electronic Archives System	6.3	Medium	2026-02-18

Vulnerabilities classified as CWE-89 (SQL命令中使用的特殊元素转义处理不恰当(SQL注入)) represent 8840 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-89 (SQL命令中使用的特殊元素转义处理不恰当(SQL注入)) — Vulnerability Class 8840