The WP-PManager WordPress plugin through 1.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/b470a277-f5ad-49ff-97dd-4d3ee0269e5a/ | Exploit Third Party Advisory |
Configurations
History
04 Jun 2025, 20:03
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-05-15 20:16
Updated : 2025-06-04 20:03
NVD link : CVE-2025-2248
Mitre link : CVE-2025-2248
CVE.ORG link : CVE-2025-2248
JSON object : View
Products Affected
mantus667
- wp-pmanager
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')