Category:Extensions with SQL injection vulnerabilities

These extensions are known to contain SQL injection attack vulnerabilities, because it passes user input directly into SQL commands. This may lead to user accounts being hijacked, wiki content being compromised, private data being leaked, malware being injected, and the entire wiki content being erased, among other things.

It is advised that these extensions are updated to make proper use of MediaWiki's database class instead of concatenating raw SQL.

To add an extension to this list, tag it with SQL injection alert.