CWE-89


Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.


We have discovered 30,500 live websites that are affected by CWE-89.

CVEs

  • Count - 10



Countries

  • United States - 6,087 websites
  • Germany - 4,830 websites
  • France - 2,023 websites
  • Italy - 1,272 websites
  • GB - 1,095 websites
  • Iran - 1,073 websites
  • Netherlands - 933 websites
  • Poland - 923 websites
  • Japan - 882 websites
  • Spain - 727 websites

TLDs

  • .com - 10,130 websites
  • .de - 3,371 websites
  • .org - 2,267 websites
  • .fr - 967 websites
  • .it - 822 websites
  • .nl - 733 websites
  • .net - 715 websites
  • .pl - 685 websites
  • .com.br - 582 websites
  • .co.uk - 510 websites

Newest CVEs

List of the most recent CVEs that are part of CWE-89

| Discovered | CVE | Description | Websites |
|---|---|---|---|
| Feb, 2024 | CVE-2024-25910 | WordPress MoveTo Plugin <= 6.2 is vulnerable to SQL Injection | 49 |
| Jan, 2024 | CVE-2023-0224 | GiveWP < 2.24.1 - Unauthenticated SQLi | 2,488 |
| Jun, 2023 | CVE-2023-2592 | FormCraft Premium < 3.9.7 - Admin+ SQLi | 7,675 |
| Mar, 2023 | CVE-2023-0955 | WP Statistics < 14.0 - Authenticated SQLi | 20,339 |
| Mar, 2023 | CVE-2022-38074 | WordPress WP Statistics Plugin <= 13.2.10 is vulnerable to SQL Injection | 14,244 |
| Jan, 2023 | CVE-2022-4230 | WP Statistics < 13.2.9 - Authenticated SQLi | 13,313 |
| Feb, 2022 | CVE-2022-0651 | WP Statistics <= 13.1.5 Unauthenticated Blind SQL Injection via current_page_type | 185 |
| Feb, 2022 | CVE-2022-25149 | WP Statistics <= 13.1.5 Unauthenticated Blind SQL Injection via IP | 185 |
| Feb, 2022 | CVE-2022-25148 | WP Statistics <= 13.1.5 Unauthenticated Blind SQL Injection via current_page_id | 185 |
| Feb, 2022 | CVE-2022-0513 | WP Statistics <= 13.1.4 Unauthenticated Blind SQL Injection via exclusion_reason | 117 |

List of the most common CVEs that are part of CWE-89

| Discovered | CVE | Description | Websites |
|---|---|---|---|
| Mar, 2023 | CVE-2023-0955 | WP Statistics < 14.0 - Authenticated SQLi | 20,339 |
| Mar, 2023 | CVE-2022-38074 | WordPress WP Statistics Plugin <= 13.2.10 is vulnerable to SQL Injection | 14,244 |
| Jan, 2023 | CVE-2022-4230 | WP Statistics < 13.2.9 - Authenticated SQLi | 13,313 |
| Jun, 2023 | CVE-2023-2592 | FormCraft Premium < 3.9.7 - Admin+ SQLi | 7,675 |
| Jan, 2024 | CVE-2023-0224 | GiveWP < 2.24.1 - Unauthenticated SQLi | 2,488 |
| Feb, 2022 | CVE-2022-0651 | WP Statistics <= 13.1.5 Unauthenticated Blind SQL Injection via current_page_type | 185 |
| Feb, 2022 | CVE-2022-25148 | WP Statistics <= 13.1.5 Unauthenticated Blind SQL Injection via current_page_id | 185 |
| Feb, 2022 | CVE-2022-25149 | WP Statistics <= 13.1.5 Unauthenticated Blind SQL Injection via IP | 185 |
| Feb, 2022 | CVE-2022-0513 | WP Statistics <= 13.1.4 Unauthenticated Blind SQL Injection via exclusion_reason | 117 |
| Feb, 2024 | CVE-2024-25910 | WordPress MoveTo Plugin <= 6.2 is vulnerable to SQL Injection | 49 |

Websites affected by CWE-89

Top websites that are affected by CWE-89.

| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ********.com | United States | *,*** | |
| ************.com | United States | *,*** | |
| ***.******************.org | United States | *,*** | |
| ***.************.com | Bulgaria | **,*** | |
| ************.***.in | India | **,*** | |
| ***.***********.fr | France | **,*** | |
| ***.******************.org | United States | **,*** | |
| ***.*****************.org | United States | **,*** | |
| *****.org | United States | **,*** | |
| ****.org | Australia | **,*** | |