CWE-89


Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.


We have discovered 2,578,088 live websites that are affected by CWE-89.

CVEs

  • Count - 523



CWE-89 usage by Country

United States: 648,424 websites
Germany: 268,312 websites
Japan: 195,796 websites
Italy: 156,533 websites
France: 154,219 websites
Russia: 111,798 websites
GB: 90,837 websites
Poland: 85,433 websites
Netherlands: 68,429 websites
Spain: 59,764 websites

CWE-89 usage by TLD

.com: 990,747 websites
.de: 130,056 websites
.it: 109,815 websites
.org: 106,629 websites
.ru: 96,429 websites
.net: 75,070 websites
.pl: 67,313 websites
.nl: 59,429 websites
.co.uk: 59,293 websites
.fr: 55,425 websites

Newest CVEs

List of the most recent CVEs that are part of CWE-89
Discovered | CVE | Description | Websites
Apr, 2025 | CVE-2025-2128 | Cost Calculator Builder <= 3.2.67 - Authenticated (Subscriber+) SQL Injection via order_ids Parameter | 909
Apr, 2025 | CVE-2025-31565 | WordPress WPSmartContracts plugin <= 2.0.10 - SQL Injection vulnerability | 1
Apr, 2025 | CVE-2025-32565 | WordPress Neon Product Designer Plugin <= 2.1.1 - Unauthenticated SQL Injection vulnerability | 8
Apr, 2025 | CVE-2025-32603 | WordPress WP Online Users Stats plugin <= 1.0.0 - SQL Injection vulnerability | 7
Apr, 2025 | CVE-2025-32618 | WordPress Wishlist plugin <= 1.0.43 - SQL Injection vulnerability | 1
Apr, 2025 | CVE-2025-32650 | WordPress Accessibility Suite by Ability, Inc plugin <= 4.18 - SQL Injection vulnerability | 39
Apr, 2025 | CVE-2025-32128 | WordPress Nearby Locations Plugin <= 1.1.1 - SQL Injection vulnerability | 17
Apr, 2025 | CVE-2025-32687 | WordPress Review Stars Count For WooCommerce <= 2.0 - SQL Injection Vulnerability | 1
Apr, 2025 | CVE-2025-32676 | WordPress Verowa Connect plugin <= 3.0.5 - SQL Injection vulnerability | 63
Apr, 2025 | CVE-2025-32677 | WordPress WP Social Stream Designer plugin <= 1.3 - SQL Injection vulnerability | 24

List of the most common CVEs that are part of CWE-89
Discovered | CVE | Description | Websites
Jan, 2022 | CVE-2022-21661 | SQL injection in WordPress | 1,884,492
Jan, 2022 | CVE-2022-21664 | SQL injection in WordPress | 1,562,406
May, 2023 | CVE-2023-0329 | Elementor Website Builder < 3.12.2 - Admin+ SQLi | 468,834
Sep, 2024 | CVE-2024-8275 | The Events Calendar <= 6.6.4 - Unauthenticated SQL Injection | 47,634
Mar, 2023 | CVE-2023-0955 | WP Statistics < 14.0 - Authenticated SQLi | 38,788
Mar, 2023 | CVE-2022-38074 | WordPress WP Statistics Plugin <= 13.2.10 is vulnerable to SQL Injection | 35,298
Jan, 2023 | CVE-2022-4230 | WP Statistics < 13.2.9 - Authenticated SQLi | 34,775
Mar, 2025 | CVE-2025-1702 | Ultimate Member <= 2.10.0 - Unauthenticated SQL Injection via search Parameter | 33,360
Feb, 2025 | CVE-2024-12276 | Ultimate Member <= 2.9.2 - Authenticated SQL Injection | 31,481
Feb, 2025 | CVE-2024-11260 | Events Manager – Calendar, Bookings, Tickets, and more! <= 6.6.3 - Unauthenticated SQL Injection via Event Status Parameter | 24,337
