Home

Description

The Find Me On WordPress plugin through 2.0.9.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing subscribers and above to perform SQL injection attacks

PUBLISHED Reserved 2025-09-17 | Published 2025-10-08 | Updated 2025-10-08 | Assigner WPScan

Problem types

CWE-89 SQL Injection

Product status

Default status
affected

Any version
affected

Credits

Khaled Alenazi (Nxploited) finder

WPScan coordinator

References

wpscan.com/...rability/92e965aa-45fc-4189-a341-1ecac656ebf3/ exploit vdb-entry technical-description

cve.org (CVE-2025-10635)

nvd.nist.gov (CVE-2025-10635)

Download JSON